Merge branch 'aditya/fluentbit-sidecar' into 'main'

FluentBit logging sidecar

See merge request weblogic-cloud/weblogic-kubernetes-operator!4538

Author: rjeberhard

common/src/main/java/oracle/kubernetes/common/logging/MessageKeys.java

@@ -1,4 +1,4 @@
-// Copyright (c) 2017, 2023, Oracle and/or its affiliates.
+// Copyright (c) 2017, 2024, Oracle and/or its affiliates.
 // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 package oracle.kubernetes.common.logging;
@@ -170,6 +170,8 @@ public class MessageKeys {
   public static final String PVC_IS_BOUND = "WLSKO-0237";
   public static final String WAITING_FOR_PVC_TO_BIND = "WLSKO-0238";
   public static final String PVC_NOT_BOUND_ERROR = "WLSKO-0239";
+  public static final String FLUENTBIT_CONFIGMAP_CREATED = "WLSKO-0240";
+  public static final String FLUENTBIT_CONFIGMAP_REPLACED = "WLSKO-0241";
 
   // domain status messages
   public static final String MAKE_RIGHT_WILL_RETRY = "WLSDO-0000";

common/src/main/resources/Operator.properties

@@ -183,6 +183,8 @@ WLSKO-0236=Persistent volume Claim with name {0} already exists for WebLogic dom
 WLSKO-0237=Persistent volume Claim ''{0}'' is bound.
 WLSKO-0238=Waiting for Persistent volume Claim ''{0}'' to be bound.
 WLSKO-0239=PersistentVolumeClaim ''{0}'' is not bound; the status phase is ''{1}''.
+WLSKO-0240=Fluentbit configmap created.
+WLSKO-0241=Fluentbit configmap replaced.
 
 # Domain status messages
 

documentation/domains/Domain.json

@@ -415,6 +415,10 @@
             "FromModel"
           ]
         },
+        "fluentbitSpecification": {
+          "description": "Automatic fluent-bit sidecar injection. If specified, the operator will deploy a sidecar container alongside each WebLogic Server instance that runs the fluent-bit, Optionally, the introspector job pod can be enabled to deploy with the fluent-bit sidecar container. WebLogic Server instances that are already running when the `fluentbitSpecification` field is created or deleted, will not be affected until they are restarted. When any given server is restarted for another reason, such as a change to the `restartVersion`, then the newly created pod  will have the fluent-bit sidecar or not, as appropriate",
+          "$ref": "#/definitions/FluentbitSpecification"
+        },
         "httpAccessLogInLogHome": {
           "default": true,
           "description": "Specifies whether the server HTTP access log files will be written to the same directory specified in `logHome`. Otherwise, server HTTP access log files will be written to the directory configured in the WebLogic domain configuration. Defaults to true.",
@@ -595,6 +599,68 @@
         }
       }
     },
+    "FluentbitSpecification": {
+      "type": "object",
+      "properties": {
+        "image": {
+          "default": "fluent/fluentd-kubernetes-daemonset:v1.16.1-debian-elasticsearch7-1.2",
+          "description": "The Fluentbit container image name. Defaults to fluent/fluentd-kubernetes-daemonset:v1.16.1-debian-elasticsearch7-1.2",
+          "type": "string"
+        },
+        "imagePullPolicy": {
+          "description": "The image pull policy for the Fluentbit sidecar container image. Legal values are Always, Never, and IfNotPresent. Defaults to Always if image ends in :latest; IfNotPresent, otherwise.",
+          "type": "string"
+        },
+        "elasticSearchCredentials": {
+          "description": "Fluentbit elastic search credentials. A Kubernetes secret in the same namespace of the domain. It must contains 4 keys: elasticsearchhost - ElasticSearch Host Service Address, elasticsearchport - Elastic Search Service Port, elasticsearchuser - Elastic Search Service User Name, elasticsearchpassword - Elastic Search User Password",
+          "type": "string"
+        },
+        "parserConfiguration": {
+          "description": "The Fluentbit parser configuration text, specify your own custom fluentbit configuration.",
+          "type": "string"
+        },
+        "resources": {
+          "description": "Memory and CPU minimum requirements and limits for the fluentbit container. See `kubectl explain pods.spec.containers.resources`.",
+          "$ref": "https://github.com/garethr/kubernetes-json-schema/blob/master/v1.13.5/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements"
+        },
+        "containerArgs": {
+          "description": "(Optional) The Fluentbit sidecar container spec\u0027s args. Default is: [ -c, /etc/fluent-bit.conf ] if not specified",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "fluentbitConfiguration": {
+          "description": "The Fluentbit configuration text, specify your own custom fluentbit configuration.",
+          "type": "string"
+        },
+        "watchIntrospectorLogs": {
+          "description": "Fluentbit will watch introspector logs",
+          "type": "boolean"
+        },
+        "env": {
+          "description": "A list of environment variables to set in the fluentbit container. See `kubectl explain pods.spec.containers.env`.",
+          "type": "array",
+          "items": {
+            "$ref": "https://github.com/garethr/kubernetes-json-schema/blob/master/v1.13.5/_definitions.json#/definitions/io.k8s.api.core.v1.EnvVar"
+          }
+        },
+        "containerCommand": {
+          "description": "(Optional) The Fluentbit sidecar container spec\u0027s command. Default is not set if not specified",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "volumeMounts": {
+          "description": "Volume mounts for fluentbit container",
+          "type": "array",
+          "items": {
+            "$ref": "https://github.com/garethr/kubernetes-json-schema/blob/master/v1.13.5/_definitions.json#/definitions/io.k8s.api.core.v1.VolumeMount"
+          }
+        }
+      }
+    },
     "FluentdSpecification": {
       "type": "object",
       "properties": {

documentation/domains/Domain.md

@@ -25,6 +25,7 @@ The specification of the operation of the WebLogic domain. Required.
 | `domainUID` | string | Domain unique identifier. It is recommended that this value be unique to assist in future work to identify related domains in active-passive scenarios across data centers; however, it is only required that this value be unique within the namespace, similarly to the names of Kubernetes resources. This value is distinct and need not match the domain name from the WebLogic domain configuration. Defaults to the value of `metadata.name`. |
 | `failureRetryIntervalSeconds` | integer | The wait time in seconds before the start of the next retry after a Severe failure. Defaults to 120. |
 | `failureRetryLimitMinutes` | integer | The time in minutes before the operator will stop retrying Severe failures. Defaults to 1440. |
+| `fluentbitSpecification` | [Fluentbit Specification](#fluentbit-specification) | Automatic fluent-bit sidecar injection. If specified, the operator will deploy a sidecar container alongside each WebLogic Server instance that runs the fluent-bit, Optionally, the introspector job pod can be enabled to deploy with the fluent-bit sidecar container. WebLogic Server instances that are already running when the `fluentbitSpecification` field is created or deleted, will not be affected until they are restarted. When any given server is restarted for another reason, such as a change to the `restartVersion`, then the newly created pod  will have the fluent-bit sidecar or not, as appropriate |
 | `fluentdSpecification` | [Fluentd Specification](#fluentd-specification) | Automatic fluentd sidecar injection. If specified, the operator will deploy a sidecar container alongside each WebLogic Server instance that runs the fluentd, Optionally, the introspector job pod can be enabled to deploy with the fluentd sidecar container. WebLogic Server instances that are already running when the `fluentdSpecification` field is created or deleted, will not be affected until they are restarted. When any given server is restarted for another reason, such as a change to the `restartVersion`, then the newly created pod  will have the fluentd sidecar or not, as appropriate |
 | `httpAccessLogInLogHome` | Boolean | Specifies whether the server HTTP access log files will be written to the same directory specified in `logHome`. Otherwise, server HTTP access log files will be written to the directory configured in the WebLogic domain configuration. Defaults to true. |
 | `image` | string | The WebLogic Server image; required when `domainHomeSourceType` is Image or FromModel; otherwise, defaults to container-registry.oracle.com/middleware/weblogic:12.2.1.4. |
@@ -92,6 +93,22 @@ The current status of the operation of the WebLogic domain. Updated automaticall
 | `overridesConfigMap` | string | The name of the ConfigMap for WebLogic configuration overrides. |
 | `secrets` | Array of string | A list of names of the Secrets for WebLogic configuration overrides or model. |
 
+### Fluentbit Specification
+
+| Name | Type | Description |
+| --- | --- | --- |
+| `containerArgs` | Array of string | (Optional) The Fluentbit sidecar container spec's args. Default is: [ -c, /etc/fluent-bit.conf ] if not specified |
+| `containerCommand` | Array of string | (Optional) The Fluentbit sidecar container spec's command. Default is not set if not specified |
+| `elasticSearchCredentials` | string | Fluentbit elastic search credentials. A Kubernetes secret in the same namespace of the domain. It must contains 4 keys: elasticsearchhost - ElasticSearch Host Service Address, elasticsearchport - Elastic Search Service Port, elasticsearchuser - Elastic Search Service User Name, elasticsearchpassword - Elastic Search User Password |
+| `env` | Array of [Env Var](k8s1.13.5.md#env-var) | A list of environment variables to set in the fluentbit container. See `kubectl explain pods.spec.containers.env`. |
+| `fluentbitConfiguration` | string | The Fluentbit configuration text, specify your own custom fluentbit configuration. |
+| `image` | string | The Fluentbit container image name. Defaults to fluent/fluentd-kubernetes-daemonset:v1.16.1-debian-elasticsearch7-1.2 |
+| `imagePullPolicy` | string | The image pull policy for the Fluentbit sidecar container image. Legal values are Always, Never, and IfNotPresent. Defaults to Always if image ends in :latest; IfNotPresent, otherwise. |
+| `parserConfiguration` | string | The Fluentbit parser configuration text, specify your own custom fluentbit configuration. |
+| `resources` | [Resource Requirements](k8s1.13.5.md#resource-requirements) | Memory and CPU minimum requirements and limits for the fluentbit container. See `kubectl explain pods.spec.containers.resources`. |
+| `volumeMounts` | Array of [Volume Mount](k8s1.13.5.md#volume-mount) | Volume mounts for fluentbit container |
+| `watchIntrospectorLogs` | Boolean | Fluentbit will watch introspector logs |
+
 ### Fluentd Specification
 
 | Name | Type | Description |

kubernetes/crd/domain-crd.yaml

@@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    weblogic.sha256: e13837460764db88c202b89ba80cf0b791f28c8e88e2912949366f5e99e001ad
+    weblogic.sha256: 00d086baa58ae8ac5b6cc4f5a7a21535833aea22b5d31b5f38b98bcfa2521805
   name: domains.weblogic.oracle
 spec:
   group: weblogic.oracle
@@ -985,6 +985,159 @@ spec:
                 - PersistentVolume
                 - FromModel
                 type: string
+              fluentbitSpecification:
+                description: Automatic fluent-bit sidecar injection. If specified,
+                  the operator will deploy a sidecar container alongside each WebLogic
+                  Server instance that runs the fluent-bit, Optionally, the introspector
+                  job pod can be enabled to deploy with the fluent-bit sidecar container.
+                  WebLogic Server instances that are already running when the `fluentbitSpecification`
+                  field is created or deleted, will not be affected until they are
+                  restarted. When any given server is restarted for another reason,
+                  such as a change to the `restartVersion`, then the newly created
+                  pod  will have the fluent-bit sidecar or not, as appropriate
+                properties:
+                  image:
+                    default: fluent/fluentd-kubernetes-daemonset:v1.16.1-debian-elasticsearch7-1.2
+                    description: The Fluentbit container image name. Defaults to fluent/fluentd-kubernetes-daemonset:v1.16.1-debian-elasticsearch7-1.2
+                    type: string
+                  imagePullPolicy:
+                    description: The image pull policy for the Fluentbit sidecar container
+                      image. Legal values are Always, Never, and IfNotPresent. Defaults
+                      to Always if image ends in :latest; IfNotPresent, otherwise.
+                    type: string
+                  elasticSearchCredentials:
+                    description: 'Fluentbit elastic search credentials. A Kubernetes
+                      secret in the same namespace of the domain. It must contains
+                      4 keys: elasticsearchhost - ElasticSearch Host Service Address,
+                      elasticsearchport - Elastic Search Service Port, elasticsearchuser
+                      - Elastic Search Service User Name, elasticsearchpassword -
+                      Elastic Search User Password'
+                    type: string
+                  parserConfiguration:
+                    description: The Fluentbit parser configuration text, specify
+                      your own custom fluentbit configuration.
+                    type: string
+                  resources:
+                    description: Memory and CPU minimum requirements and limits for
+                      the fluentbit container. See `kubectl explain pods.spec.containers.resources`.
+                    properties:
+                      claims:
+                        items:
+                          type: object
+                          properties:
+                            name:
+                              type: string
+                          required:
+                          - name
+                        type: array
+                      requests:
+                        additionalProperties:
+                          type: string
+                        type: object
+                      limits:
+                        additionalProperties:
+                          type: string
+                        type: object
+                    type: object
+                  containerArgs:
+                    description: '(Optional) The Fluentbit sidecar container spec''s
+                      args. Default is: [ -c, /etc/fluent-bit.conf ] if not specified'
+                    items:
+                      type: string
+                    type: array
+                  fluentbitConfiguration:
+                    description: The Fluentbit configuration text, specify your own
+                      custom fluentbit configuration.
+                    type: string
+                  watchIntrospectorLogs:
+                    description: Fluentbit will watch introspector logs
+                    type: boolean
+                  env:
+                    description: A list of environment variables to set in the fluentbit
+                      container. See `kubectl explain pods.spec.containers.env`.
+                    items:
+                      type: object
+                      properties:
+                        name:
+                          type: string
+                        value:
+                          type: string
+                        valueFrom:
+                          type: object
+                          properties:
+                            secretKeyRef:
+                              type: object
+                              properties:
+                                name:
+                                  type: string
+                                optional:
+                                  type: boolean
+                                key:
+                                  type: string
+                              required:
+                              - key
+                            resourceFieldRef:
+                              type: object
+                              properties:
+                                divisor:
+                                  type: string
+                                resource:
+                                  type: string
+                                containerName:
+                                  type: string
+                              required:
+                              - resource
+                            configMapKeyRef:
+                              type: object
+                              properties:
+                                name:
+                                  type: string
+                                optional:
+                                  type: boolean
+                                key:
+                                  type: string
+                              required:
+                              - key
+                            fieldRef:
+                              type: object
+                              properties:
+                                apiVersion:
+                                  type: string
+                                fieldPath:
+                                  type: string
+                              required:
+                              - fieldPath
+                      required:
+                      - name
+                    type: array
+                  containerCommand:
+                    description: (Optional) The Fluentbit sidecar container spec's
+                      command. Default is not set if not specified
+                    items:
+                      type: string
+                    type: array
+                  volumeMounts:
+                    description: Volume mounts for fluentbit container
+                    items:
+                      type: object
+                      properties:
+                        mountPath:
+                          type: string
+                        mountPropagation:
+                          type: string
+                        name:
+                          type: string
+                        readOnly:
+                          type: boolean
+                        subPath:
+                          type: string
+                        subPathExpr:
+                          type: string
+                      required:
+                      - mountPath
+                      - name
+                    type: array
+                type: object
               httpAccessLogInLogHome:
                 default: true
                 description: Specifies whether the server HTTP access log files will

operator/src/main/java/oracle/kubernetes/operator/helpers/BasePodStepContext.java

@@ -1,4 +1,4 @@
-// Copyright (c) 2019, 2023, Oracle and/or its affiliates.
+// Copyright (c) 2019, 2024, Oracle and/or its affiliates.
 // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 package oracle.kubernetes.operator.helpers;
@@ -103,6 +103,8 @@ private boolean hasMatchingVolumeName(V1VolumeMount volumeMount) {
 
   abstract List<V1Volume> getFluentdVolumes();
 
+  abstract List<V1Volume> getFluentbitVolumes();
+
   protected V1Container createPrimaryContainer() {
     return new V1Container()
         .name(getContainerName())
@@ -222,6 +224,7 @@ protected V1PodSpec createPodSpec() {
     return new V1PodSpec()
         .containers(getContainers())
         .volumes(getFluentdVolumes())
+        .volumes(getFluentbitVolumes())
         .addContainersItem(createPrimaryContainer())
         .affinity(getServerSpec().getAffinity())
         .topologySpreadConstraints(getTopologySpreadConstraints())