Merge pull request #1959 from DinaGamalMahmoud/feat/varlibcontainers-optional

pepov · web-flow · commit cb59b0ba91f5 · 2025-03-04T13:30:06.000+01:00
feat: add varlibcontainers volume as optional
diff --git a/charts/logging-operator/charts/logging-operator-crds/templates/logging.banzaicloud.io_fluentbitagents.yaml b/charts/logging-operator/charts/logging-operator-crds/templates/logging.banzaicloud.io_fluentbitagents.yaml
@@ -1140,6 +1140,8 @@ spec:
                 type: object
               disableKubernetesFilter:
                 type: boolean
+              disableVarLibDockerContainers:
+                type: boolean
               dnsConfig:
                 properties:
                   nameservers:
diff --git a/charts/logging-operator/charts/logging-operator-crds/templates/logging.banzaicloud.io_loggings.yaml b/charts/logging-operator/charts/logging-operator-crds/templates/logging.banzaicloud.io_loggings.yaml
@@ -1988,6 +1988,8 @@ spec:
                     type: object
                   disableKubernetesFilter:
                     type: boolean
+                  disableVarLibDockerContainers:
+                    type: boolean
                   dnsConfig:
                     properties:
                       nameservers:
diff --git a/charts/logging-operator/crds/logging.banzaicloud.io_fluentbitagents.yaml b/charts/logging-operator/crds/logging.banzaicloud.io_fluentbitagents.yaml
@@ -1137,6 +1137,8 @@ spec:
                 type: object
               disableKubernetesFilter:
                 type: boolean
+              disableVarLibDockerContainers:
+                type: boolean
               dnsConfig:
                 properties:
                   nameservers:
diff --git a/charts/logging-operator/crds/logging.banzaicloud.io_loggings.yaml b/charts/logging-operator/crds/logging.banzaicloud.io_loggings.yaml
@@ -1985,6 +1985,8 @@ spec:
                     type: object
                   disableKubernetesFilter:
                     type: boolean
+                  disableVarLibDockerContainers:
+                    type: boolean
                   dnsConfig:
                     properties:
                       nameservers:
diff --git a/config/crd/bases/logging.banzaicloud.io_fluentbitagents.yaml b/config/crd/bases/logging.banzaicloud.io_fluentbitagents.yaml
@@ -1137,6 +1137,8 @@ spec:
                 type: object
               disableKubernetesFilter:
                 type: boolean
+              disableVarLibDockerContainers:
+                type: boolean
               dnsConfig:
                 properties:
                   nameservers:
diff --git a/config/crd/bases/logging.banzaicloud.io_loggings.yaml b/config/crd/bases/logging.banzaicloud.io_loggings.yaml
@@ -1985,6 +1985,8 @@ spec:
                     type: object
                   disableKubernetesFilter:
                     type: boolean
+                  disableVarLibDockerContainers:
+                    type: boolean
                   dnsConfig:
                     properties:
                       nameservers:
diff --git a/docs/configuration/crds/v1beta1/fluentbit_types.md b/docs/configuration/crds/v1beta1/fluentbit_types.md
@@ -99,6 +99,11 @@ Available in Logging operator version 4.2 and later. Specify a custom parser fil
 Disable Kubernetes metadata filter 
 
 
+### disableVarLibDockerContainers (*bool, optional) {#fluentbitspec-disablevarlibdockercontainers}
+
+DisableVarLibDockerContainers controls whether the /var/lib/docker/containers volume is mounted. If true, the volume is NOT mounted. If false (default), the volume is mounted. 
+
+
 ### enableUpstream (bool, optional) {#fluentbitspec-enableupstream}
 
 
diff --git a/pkg/resources/fluentbit/daemonset.go b/pkg/resources/fluentbit/daemonset.go
@@ -176,11 +176,6 @@ func newConfigMapReloader(spec *v1beta1.FluentbitSpec) corev1.Container {
 
 func (r *Reconciler) generateVolumeMounts() (v []corev1.VolumeMount) {
 	v = []corev1.VolumeMount{
-		{
-			Name:      "varlibcontainers",
-			ReadOnly:  true,
-			MountPath: "/var/lib/docker/containers",
-		},
 		{
 			Name:      "varlogs",
 			ReadOnly:  true,
@@ -192,6 +187,14 @@ func (r *Reconciler) generateVolumeMounts() (v []corev1.VolumeMount) {
 		},
 	}
 
+	if !*r.fluentbitSpec.DisableVarLibDockerContainers {
+		v = append(v, corev1.VolumeMount{
+			Name:      "varlibcontainers",
+			ReadOnly:  true,
+			MountPath: "/var/lib/docker/containers",
+		})
+	}
+
 	for vCount, vMnt := range r.fluentbitSpec.ExtraVolumeMounts {
 		v = append(v, corev1.VolumeMount{
 			Name:      "extravolumemount" + strconv.Itoa(vCount),
@@ -215,21 +218,24 @@ func (r *Reconciler) generateVolumeMounts() (v []corev1.VolumeMount) {
 func (r *Reconciler) generateVolume() (v []corev1.Volume) {
 	v = []corev1.Volume{
 		{
-			Name: "varlibcontainers",
+			Name: "varlogs",
 			VolumeSource: corev1.VolumeSource{
 				HostPath: &corev1.HostPathVolumeSource{
-					Path: r.fluentbitSpec.MountPath,
+					Path: "/var/log",
 				},
 			},
 		},
-		{
-			Name: "varlogs",
+	}
+
+	if !*r.fluentbitSpec.DisableVarLibDockerContainers {
+		v = append(v, corev1.Volume{
+			Name: "varlibcontainers",
 			VolumeSource: corev1.VolumeSource{
 				HostPath: &corev1.HostPathVolumeSource{
-					Path: "/var/log",
+					Path: r.fluentbitSpec.MountPath,
 				},
 			},
-		},
+		})
 	}
 
 	for vCount, vMnt := range r.fluentbitSpec.ExtraVolumeMounts {
diff --git a/pkg/sdk/logging/api/v1beta1/fluentbit_types.go b/pkg/sdk/logging/api/v1beta1/fluentbit_types.go
@@ -77,6 +77,9 @@ type FluentbitSpec struct {
 	Flush int32 `json:"flush,omitempty"  plugin:"default:1"`
 	// Set the grace time in seconds as Integer value. The engine loop uses a Grace timeout to define wait time on exit.
 	Grace int32 `json:"grace,omitempty" plugin:"default:5"`
+	// DisableVarLibDockerContainers controls whether the /var/lib/docker/containers volume is mounted.
+	// If true, the volume is NOT mounted. If false (default), the volume is mounted.
+	DisableVarLibDockerContainers *bool `json:"disableVarLibDockerContainers,omitempty"`
 	// HotReload pauses all inputs and waits until they finish. In certain situations this is unacceptable, for example if an output is down for a longer time.
 	// An undocumented option called "Hot_Reload.Ensure_Thread_Safety Off" can be used at the [SERVICE] config to force hotreload after the grace period.
 	// Please note that it might result in a SIGSEGV, but worst case kubelet will restart the container.
diff --git a/pkg/sdk/logging/api/v1beta1/logging_types.go b/pkg/sdk/logging/api/v1beta1/logging_types.go
@@ -267,6 +267,10 @@ func (logging *Logging) WatchAllNamespaces() bool {
 
 func FluentBitDefaults(fluentbitSpec *FluentbitSpec) error {
 	if fluentbitSpec != nil { // nolint:nestif
+		// Set default value for DisableVarLibDockerContainers to false (meaning volume is mounted by default)
+		if fluentbitSpec.DisableVarLibDockerContainers == nil {
+			fluentbitSpec.DisableVarLibDockerContainers = util.BoolPointer(false)
+		}
 		if fluentbitSpec.PosisionDBLegacy != nil {
 			return errors.New("`position_db` field is deprecated, use `positiondb`")
 		}
diff --git a/pkg/sdk/logging/api/v1beta1/zz_generated.deepcopy.go b/pkg/sdk/logging/api/v1beta1/zz_generated.deepcopy.go
