From 0d8624382e862ee14fb2f20022cb3737727b3ebf Mon Sep 17 00:00:00 2001
From: Sebastian Brandt <sbrandt@d2iq.com>
Date: Mon, 27 Jul 2020 10:22:54 +0200
Subject: [PATCH] chore: updated fluent-bit chart

- with new chart version new fluent-bit 1.5.2 is used
- added /proc/uptime and /dev/kmsg volumes (for later usage, more
changes needed)
- added hostPath for /var/log/kubernetes/audit to get rid of non
control-plane nodes error messages from fluent-bit
- needs to run priviledged to have access to systemd-journal
---
 addons/fluentbit/1.5.x/fluentbit-2.yaml | 40 +++++++++++++++----------
 1 file changed, 24 insertions(+), 16 deletions(-)

diff --git a/addons/fluentbit/1.5.x/fluentbit-2.yaml b/addons/fluentbit/1.5.x/fluentbit-2.yaml
index e514c122..4053e75a 100644
--- a/addons/fluentbit/1.5.x/fluentbit-2.yaml
+++ b/addons/fluentbit/1.5.x/fluentbit-2.yaml
@@ -7,8 +7,8 @@ metadata:
   labels:
     kubeaddons.mesosphere.io/name: fluentbit
   annotations:
-    catalog.kubeaddons.mesosphere.io/addon-revision: "1.5.1-1"
-    appversion.kubeaddons.mesosphere.io/fluentbit: "1.5.1"
+    catalog.kubeaddons.mesosphere.io/addon-revision: "1.5.2-1"
+    appversion.kubeaddons.mesosphere.io/fluentbit: "1.5.2"
     values.chart.helm.kubeaddons.mesosphere.io/fluentbit: "https://raw.githubusercontent.com/fluent/helm-charts/6cba78c/charts/fluent-bit/values.yaml"
 spec:
   kubernetes:
@@ -32,10 +32,8 @@ spec:
   chartReference:
     chart: fluent-bit
     repo: https://fluent.github.io/helm-charts
-    version: 0.6.0
+    version: 0.6.1
     values: |
-      image:
-        tag: 1.5.1
       service:
         annotations:
           prometheus.io/path: "/api/v1/metrics/prometheus"
@@ -54,24 +52,33 @@ spec:
         requests:
           cpu: 350m
           memory: 350Mi
-      podSecurityPolicy:
-        create: true
-      podSecurityContext:
-        fsGroup: 2000
-      securityContext:
-        capabilities:
-          drop:
-          - ALL
-        readOnlyRootFilesystem: true
-        runAsNonRoot: true
-        runAsUser: 1000
       priorityClassName: system-node-critical
       extraVolumes:
       - name: tail-db
         emptyDir: {}
+      # we create this to get rid of error messages that would appear on non control-plane nodes
+      - name: kubernetes-audit
+        hostPath:
+          path: /var/log/kubernetes/audit
+          type: DirectoryOrCreate
+      # needed for kmsg input plugin
+      - name: uptime
+        hostPath:
+          path: /proc/uptime
+          type: File
+      - name: kmsg
+        hostPath:
+          path: /dev/kmsg
+          type: CharDevice
       extraVolumeMounts:
       - name: tail-db
         mountPath: /tail-db
+      - name: kubernetes-audit
+        mountPath: /var/log/kubernetes/audit
+      - name: uptime
+        mountPath: /proc/uptime
+      - name: kmsg
+        mountPath: /dev/kmsg
       config:
         ## https://docs.fluentbit.io/manual/service
         service: |
@@ -110,6 +117,7 @@ spec:
               Skip_Long_Lines On
           [INPUT]
               Name systemd
+              DB /tail-db/journal.db
               Tag host.*
               Max_Entries 1000
               Read_From_Tail On