Merge pull request #69027 from abrennan89/clf-examples

OBSDOCS-612: Clean up CLF examples

Author: abrennan89

logging/log_collection_forwarding/log-forwarding.adoc

@@ -153,45 +153,47 @@ $ oc apply -f output/manifests/openshift-logging-<your_role_name>-credentials.ya
 +
 [source,yaml]
 ----
-apiVersion: "logging.openshift.io/v1"
+apiVersion: logging.openshift.io/v1
 kind: ClusterLogForwarder
 metadata:
-  name: instance <1>
-  namespace: openshift-logging <2>
+  name: <log_forwarder_name> <1>
+  namespace: <log_forwarder_namespace> <2>
 spec:
+  serviceAccountName: clf-collector <3>
   outputs:
-   - name: cw <3>
-     type: cloudwatch <4>
+   - name: cw <4>
+     type: cloudwatch <5>
      cloudwatch:
-       groupBy: logType <5>
-       groupPrefix: <group prefix> <6>
-       region: us-east-2 <7>
+       groupBy: logType <6>
+       groupPrefix: <group prefix> <7>
+       region: us-east-2 <8>
      secret:
-        name: <your_role_name> <8>
+        name: <your_secret_name> <9>
   pipelines:
-    - name: to-cloudwatch <9>
-      inputRefs: <10>
+    - name: to-cloudwatch <10>
+      inputRefs: <11>
         - infrastructure
         - audit
         - application
       outputRefs:
-        - cw <11>
+        - cw <12>
 ----
-<1> The name of the `ClusterLogForwarder` CR must be `instance`.
-<2> The namespace for the `ClusterLogForwarder` CR must be `openshift-logging`.
-<3> Specify a name for the output.
-<4> Specify the `cloudwatch` type.
-<5> Optional: Specify how to group the logs:
+<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
+<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
+<3> Specify the `clf-collector` service account. The service account is only required in multi log forwarder implementations if the log forwarder is not deployed in the `openshift-logging` namespace.
+<4> Specify a name for the output.
+<5> Specify the `cloudwatch` type.
+<6> Optional: Specify how to group the logs:
 +
-* `logType` creates log groups for each log type
+* `logType` creates log groups for each log type.
 * `namespaceName` creates a log group for each application name space. Infrastructure and audit logs are unaffected, remaining grouped by `logType`.
 * `namespaceUUID` creates a new log groups for each application namespace UUID. It also creates separate log groups for infrastructure and audit logs.
-<6> Optional: Specify a string to replace the default `infrastructureName` prefix in the names of the log groups.
-<7> Specify the AWS region.
-<8> Specify the name of the secret that contains your AWS credentials.
-<9> Optional: Specify a name for the pipeline.
-<10> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
-<11> Specify the name of the output to use when forwarding logs with this pipeline.
+<7> Optional: Specify a string to replace the default `infrastructureName` prefix in the names of the log groups.
+<8> Specify the AWS region.
+<9> Specify the name of the secret that contains your AWS credentials.
+<10> Optional: Specify a name for the pipeline.
+<11> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
+<12> Specify the name of the output to use when forwarding logs with this pipeline.
 endif::[]
 
 [role="_additional-resources"]

modules/cluster-logging-collector-log-forward-cloudwatch.adoc

@@ -33,45 +33,47 @@ $ oc apply -f cw-secret.yaml
 +
 [source,yaml]
 ----
-apiVersion: "logging.openshift.io/v1"
+apiVersion: logging.openshift.io/v1
 kind: ClusterLogForwarder
 metadata:
-  name: instance <1>
-  namespace: openshift-logging <2>
+  name: <log_forwarder_name> <1>
+  namespace: <log_forwarder_namespace> <2>
 spec:
+  serviceAccountName: <service_account_name> <3>
   outputs:
-   - name: cw <3>
-     type: cloudwatch <4>
+   - name: cw <4>
+     type: cloudwatch <5>
      cloudwatch:
-       groupBy: logType <5>
-       groupPrefix: <group prefix> <6>
-       region: us-east-2 <7>
+       groupBy: logType <6>
+       groupPrefix: <group prefix> <7>
+       region: us-east-2 <8>
      secret:
-        name: cw-secret <8>
+        name: cw-secret <9>
   pipelines:
-    - name: infra-logs <9>
-      inputRefs: <10>
+    - name: infra-logs <10>
+      inputRefs: <11>
         - infrastructure
         - audit
         - application
       outputRefs:
-        - cw <11>
-----
-<1> The name of the `ClusterLogForwarder` CR must be `instance`.
-<2> The namespace for the `ClusterLogForwarder` CR must be `openshift-logging`.
-<3> Specify a name for the output.
-<4> Specify the `cloudwatch` type.
-<5> Optional: Specify how to group the logs:
+        - cw <12>
+----
+<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
+<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
+<3> The name of your service account. The service account is only required in multi log forwarder implementations if the log forwarder is not deployed in the `openshift-logging` namespace.
+<4> Specify a name for the output.
+<5> Specify the `cloudwatch` type.
+<6> Optional: Specify how to group the logs:
 +
-* `logType` creates log groups for each log type
+* `logType` creates log groups for each log type.
 * `namespaceName` creates a log group for each application name space. It also creates separate log groups for infrastructure and audit logs.
 * `namespaceUUID` creates a new log groups for each application namespace UUID. It also creates separate log groups for infrastructure and audit logs.
-<6> Optional: Specify a string to replace the default `infrastructureName` prefix in the names of the log groups.
-<7> Specify the AWS region.
-<8> Specify the name of the secret that contains your AWS credentials.
-<9> Optional: Specify a name for the pipeline.
-<10> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
-<11> Specify the name of the output to use when forwarding logs with this pipeline.
+<7> Optional: Specify a string to replace the default `infrastructureName` prefix in the names of the log groups.
+<8> Specify the AWS region.
+<9> Specify the name of the secret that contains your AWS credentials.
+<10> Optional: Specify a name for the pipeline.
+<11> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
+<12> Specify the name of the output to use when forwarding logs with this pipeline.
 
 . Create the CR object:
 +
@@ -287,4 +289,4 @@ $ aws --output json logs describe-log-groups | jq .logGroups[].logGroupName
 "mycluster-7977k.infrastructure"
 ----
 
-The `groupBy` field affects the application log group only. It does not affect the `audit` and `infrastructure` log groups.
+The `groupBy` field affects the application log group only. It does not affect the `audit` and `infrastructure` log groups.

modules/cluster-logging-collector-log-forward-es.adoc

@@ -23,52 +23,54 @@ If you want to forward logs to *only* the internal {product-title} Elasticsearch
 +
 [source,yaml]
 ----
-apiVersion: "logging.openshift.io/v1"
+apiVersion: logging.openshift.io/v1
 kind: ClusterLogForwarder
 metadata:
-  name: instance <1>
-  namespace: openshift-logging <2>
+  name: <log_forwarder_name> <1>
+  namespace: <log_forwarder_namespace> <2>
 spec:
+  serviceAccountName: <service_account_name> <3>
   outputs:
-   - name: elasticsearch-insecure <3>
-     type: "elasticsearch" <4>
-     url: http://elasticsearch.insecure.com:9200 <5>
+   - name: elasticsearch-insecure <4>
+     type: "elasticsearch" <5>
+     url: http://elasticsearch.insecure.com:9200 <6>
    - name: elasticsearch-secure
      type: "elasticsearch"
-     url: https://elasticsearch.secure.com:9200 <6>
+     url: https://elasticsearch.secure.com:9200 <7>
      secret:
-        name: es-secret <7>
+        name: es-secret <8>
   pipelines:
-   - name: application-logs <8>
-     inputRefs: <9>
+   - name: application-logs <9>
+     inputRefs: <10>
      - application
      - audit
      outputRefs:
-     - elasticsearch-secure <10>
-     - default <11>
+     - elasticsearch-secure <11>
+     - default <12>
      labels:
-       myLabel: "myValue" <12>
-   - name: infrastructure-audit-logs <13>
+       myLabel: "myValue" <13>
+   - name: infrastructure-audit-logs <14>
      inputRefs:
      - infrastructure
      outputRefs:
      - elasticsearch-insecure
      labels:
        logs: "audit-infra"
 ----
-<1> The name of the `ClusterLogForwarder` CR must be `instance`.
-<2> The namespace for the `ClusterLogForwarder` CR must be `openshift-logging`.
-<3> Specify a name for the output.
-<4> Specify the `elasticsearch` type.
-<5> Specify the URL and port of the external Elasticsearch instance as a valid absolute URL. You can use the `http` (insecure) or `https` (secure HTTP) protocol. If the cluster-wide proxy using the CIDR annotation is enabled, the output must be a server name or FQDN, not an IP Address.
-<6> For a secure connection, you can specify an `https` or `http` URL that you authenticate by specifying a `secret`.
-<7> For an `https` prefix, specify the name of the secret required by the endpoint for TLS communication. The secret must exist in the `openshift-logging` project, and must have keys of: *tls.crt*, *tls.key*, and *ca-bundle.crt* that point to the respective certificates that they represent. Otherwise, for `http` and `https` prefixes, you can specify a secret that contains a username and password. For more information, see the following "Example: Setting secret that contains a username and password."
-<8> Optional: Specify a name for the pipeline.
-<9> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
-<10> Specify the name of the output to use when forwarding logs with this pipeline.
-<11> Optional: Specify the `default` output to send the logs to the internal Elasticsearch instance.
-<12> Optional: String. One or more labels to add to the logs.
-<13> Optional: Configure multiple outputs to forward logs to other external log aggregators of any supported type:
+<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
+<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
+<3> The name of your service account. The service account is only required in multi log forwarder implementations if the log forwarder is not deployed in the `openshift-logging` namespace.
+<4> Specify a name for the output.
+<5> Specify the `elasticsearch` type.
+<6> Specify the URL and port of the external Elasticsearch instance as a valid absolute URL. You can use the `http` (insecure) or `https` (secure HTTP) protocol. If the cluster-wide proxy using the CIDR annotation is enabled, the output must be a server name or FQDN, not an IP Address.
+<7> For a secure connection, you can specify an `https` or `http` URL that you authenticate by specifying a `secret`.
+<8> For an `https` prefix, specify the name of the secret required by the endpoint for TLS communication. The secret must exist in the `openshift-logging` project, and must have keys of *tls.crt*, *tls.key*, and *ca-bundle.crt* that point to the respective certificates that they represent. Otherwise, for `http` and `https` prefixes, you can specify a secret that contains a username and password. For more information, see the following "Example: Setting a secret that contains a username and password."
+<9> Optional: Specify a name for the pipeline.
+<10> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
+<11> Specify the name of the output to use when forwarding logs with this pipeline.
+<12> Optional: Specify the `default` output to send the logs to the internal Elasticsearch instance.
+<13> Optional: String. One or more labels to add to the logs.
+<14> Optional: Configure multiple outputs to forward logs to other external log aggregators of any supported type:
 ** A name to describe the pipeline.
 ** The `inputRefs` is the log type to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
 ** The `outputRefs` is the name of the output to use.

modules/cluster-logging-collector-log-forward-gcp.adoc

@@ -29,30 +29,34 @@ $ oc -n openshift-logging create secret generic gcp-secret --from-file google-ap
 +
 [source,yaml]
 ----
-apiVersion: "logging.openshift.io/v1"
-kind: "ClusterLogForwarder"
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
 metadata:
-  name: "instance"
-  namespace: "openshift-logging"
+  name: <log_forwarder_name> <1>
+  namespace: <log_forwarder_namespace> <2>
 spec:
+  serviceAccountName: <service_account_name> <3>
   outputs:
     - name: gcp-1
       type: googleCloudLogging
       secret:
         name: gcp-secret
       googleCloudLogging:
-        projectId : "openshift-gce-devel" <1>
-        logId : "app-gcp" <2>
+        projectId : "openshift-gce-devel" <4>
+        logId : "app-gcp" <5>
   pipelines:
     - name: test-app
-      inputRefs: <3>
+      inputRefs: <6>
         - application
       outputRefs:
         - gcp-1
 ----
-<1> Set either a `projectId`, `folderId`, `organizationId`, or `billingAccountId` field and its corresponding value, depending on where you want to store your logs in the link:https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy[GCP resource hierarchy].
-<2> Set the value to add to the `logName` field of the link:https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry[Log Entry].
-<3> Specify which log types to forward by using the pipeline: `application`, `infrastructure`, or `audit`.
+<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
+<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
+<3> The name of your service account. The service account is only required in multi log forwarder implementations if the log forwarder is not deployed in the `openshift-logging` namespace.
+<4> Set a `projectId`, `folderId`, `organizationId`, or `billingAccountId` field and its corresponding value, depending on where you want to store your logs in the link:https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy[GCP resource hierarchy].
+<5> Set the value to add to the `logName` field of the link:https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry[Log Entry].
+<6> Specify which log types to forward by using the pipeline: `application`, `infrastructure`, or `audit`.
 
 [role="_additional-resources"]
 .Additional resources

modules/cluster-logging-collector-log-forward-kafka.adoc

@@ -20,32 +20,33 @@ To configure log forwarding to an external Kafka instance, you must create a `Cl
 apiVersion: logging.openshift.io/v1
 kind: ClusterLogForwarder
 metadata:
-  name: instance <1>
-  namespace: openshift-logging <2>
+  name: <log_forwarder_name> <1>
+  namespace: <log_forwarder_namespace> <2>
 spec:
+  serviceAccountName: <service_account_name> <3>
   outputs:
-   - name: app-logs <3>
-     type: kafka <4>
-     url: tls://kafka.example.devlab.com:9093/app-topic <5>
+   - name: app-logs <4>
+     type: kafka <5>
+     url: tls://kafka.example.devlab.com:9093/app-topic <6>
      secret:
-       name: kafka-secret <6>
+       name: kafka-secret <7>
    - name: infra-logs
      type: kafka
-     url: tcp://kafka.devlab2.example.com:9093/infra-topic <7>
+     url: tcp://kafka.devlab2.example.com:9093/infra-topic <8>
    - name: audit-logs
      type: kafka
      url: tls://kafka.qelab.example.com:9093/audit-topic
      secret:
         name: kafka-secret-qe
   pipelines:
-   - name: app-topic <8>
-     inputRefs: <9>
+   - name: app-topic <9>
+     inputRefs: <10>
      - application
-     outputRefs: <10>
+     outputRefs: <11>
      - app-logs
      labels:
-       logType: "application" <11>
-   - name: infra-topic <12>
+       logType: "application" <12>
+   - name: infra-topic <13>
      inputRefs:
      - infrastructure
      outputRefs:
@@ -57,27 +58,26 @@ spec:
      - audit
      outputRefs:
      - audit-logs
-     - default <13>
      labels:
        logType: "audit"
 ----
-<1> The name of the `ClusterLogForwarder` CR must be `instance`.
-<2> The namespace for the `ClusterLogForwarder` CR must be `openshift-logging`.
-<3> Specify a name for the output.
-<4> Specify the `kafka` type.
-<5> Specify the URL and port of the Kafka broker as a valid absolute URL, optionally with a specific topic. You can use the `tcp` (insecure) or `tls` (secure TCP) protocol. If the cluster-wide proxy using the CIDR annotation is enabled, the output must be a server name or FQDN, not an IP address.
-<6> If using a `tls` prefix, you must specify the name of the secret required by the endpoint for TLS communication. The secret must exist in the `openshift-logging` project, and must have keys of: *tls.crt*, *tls.key*, and *ca-bundle.crt* that point to the respective certificates that they represent.
-<7> Optional: To send an insecure output, use a `tcp` prefix in front of the URL. Also omit the `secret` key and its `name` from this output.
-<8> Optional: Specify a name for the pipeline.
-<9> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
-<10> Specify the name of the output to use when forwarding logs with this pipeline.
-<11> Optional: String. One or more labels to add to the logs.
-<12> Optional: Configure multiple outputs to forward logs to other external log aggregators of any supported type:
+<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
+<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
+<3> The name of your service account. The service account is only required in multi log forwarder implementations if the log forwarder is not deployed in the `openshift-logging` namespace.
+<4> Specify a name for the output.
+<5> Specify the `kafka` type.
+<6> Specify the URL and port of the Kafka broker as a valid absolute URL, optionally with a specific topic. You can use the `tcp` (insecure) or `tls` (secure TCP) protocol. If the cluster-wide proxy using the CIDR annotation is enabled, the output must be a server name or FQDN, not an IP address.
+<7> If using a `tls` prefix, you must specify the name of the secret required by the endpoint for TLS communication. The secret must exist in the `openshift-logging` project, and must have keys of *tls.crt*, *tls.key*, and *ca-bundle.crt* that point to the respective certificates that they represent.
+<8> Optional: To send an insecure output, use a `tcp` prefix in front of the URL. Also omit the `secret` key and its `name` from this output.
+<9> Optional: Specify a name for the pipeline.
+<10> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
+<11> Specify the name of the output to use when forwarding logs with this pipeline.
+<12> Optional: String. One or more labels to add to the logs.
+<13> Optional: Configure multiple outputs to forward logs to other external log aggregators of any supported type:
 ** A name to describe the pipeline.
 ** The `inputRefs` is the log type to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
 ** The `outputRefs` is the name of the output to use.
 ** Optional: String. One or more labels to add to the logs.
-<13> Optional: Specify `default` to forward logs to the internal Elasticsearch instance.
 
 . Optional: To forward a single output to multiple Kafka brokers, specify an array of Kafka brokers as shown in the following example:
 +