Skip to content

Commit

Permalink
[newrelic-logging]: NR-300427: Add support to have hostNetwork proper…
Browse files Browse the repository at this point in the history 
…ty for fluentbit logging pods. (#1462)

#### Is this a new chart
No.
#### What this PR does / why we need it:
This PR exposes hostNetwork as a configurable option to provide
flexibility while maintaining security by default. This is needed for
some inputs like UDP Log Plugin which will require this setting to be
true as they need to bind to the host network. **Note**:`hostNetwork`
was removed earlier through the PR:
#1207 as it was defaulting
to true for linux and we did not see a need to keep having it.

* This addresses NR-300427.

#### Which issue this PR fixes
*(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)`
format, will close that issue when PR gets merged)*


#### Special notes for your reviewer:
##### Testing done.
1. Unit test: `helm unittest charts/newrelic-logging`
2. Dry Run with default values.yaml produces a yaml file without
`hostNetwork`. Dry run with a test yaml file with `hostNetwork` true
produces yaml with `hostNetwork = true` . ``` helm upgrade --install
newrelic-bundle --set licenseKey=NRAK-4ELM412W24DKNJMOT1N67IDWMW7
/Users/mjha/newrelicpublic/helm-charts/charts/newrelic-logging -n
newrelic --values
/Users/mjha/newrelicpublic/helm-charts/charts/newrelic-logging/ci/test-hostnetwork-true.yaml
–dry-run```
3. Installing with `hostNetwork = true` result in POD having same IP
whereas with `hostNetwork = false` or absent POD have a different IP
Adddress.
POD IP with `hostNetwork = true`:
```
mjha@C44F6H7NR2 helm-charts % kubectl describe pods newrelic-bundle-newrelic-logging-5gjs5 -n newrelic
Name:             newrelic-bundle-newrelic-logging-5gjs5
Namespace:        newrelic
Priority:         0
Service Account:  newrelic-bundle-newrelic-logging
Node:             kind-control-plane/172.18.0.2
Start Time:       Mon, 12 Aug 2024 17:27:36 +0530
Labels:           app=newrelic-logging
                  app.kubernetes.io/name=newrelic-logging
                  controller-revision-hash=5cc94d4979
                  kubernetes.io/os=linux
                  pod-template-generation=1
                  release=newrelic-bundle
Annotations:      checksum/fluent-bit-config: ebc9eabd67417276ed03d3c82d6bb7278ea319b27661d10f1a6092b6d04bd052
Status:           Running
IP:               172.18.0.2
IPs:
  IP:           172.18.0.2
```
POD IP with `hostNetwork = false`:
```
mjha@C44F6H7NR2 helm-charts % kubectl describe pods newrelic-bundle-newrelic-logging-gl8gr -n newrelic
Name:             newrelic-bundle-newrelic-logging-gl8gr
Namespace:        newrelic
Priority:         0
Service Account:  newrelic-bundle-newrelic-logging
Node:             kind-control-plane/172.18.0.2
Start Time:       Mon, 12 Aug 2024 17:57:53 +0530
Labels:           app=newrelic-logging
                  app.kubernetes.io/name=newrelic-logging
                  controller-revision-hash=7d8dfbb548
                  kubernetes.io/os=linux
                  pod-template-generation=1
                  release=newrelic-bundle
Annotations:      checksum/fluent-bit-config: ebc9eabd67417276ed03d3c82d6bb7278ea319b27661d10f1a6092b6d04bd052
Status:           Running
IP:               10.244.0.5
IPs:
  IP:           10.244.0.5
```
#### Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove
unrelated fields.]
- [x] Chart Version bumped
- [x] Variables are documented in the README.md
- [x] Title of the PR starts with chart name (e.g. `[mychartname]`)
  • Loading branch information
@maya-jha
maya-jha authored Aug 19, 2024
1 parent af78059 commit abe4444
Show file tree
Hide file tree
Showing 6 changed files with 59 additions and 2 deletions.
2 changes: 1 addition & 1 deletion charts/newrelic-logging/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v2
description: A Helm chart to deploy New Relic Kubernetes Logging as a DaemonSet, supporting both Linux and Windows nodes and containers
name: newrelic-logging
version: 1.22.3
version: 1.22.4
appVersion: 2.0.0
home: https://github.com/newrelic/kubernetes-logging
icon: https://newrelic.com/assets/newrelic/source/NewRelic-logo-square.svg
Expand Down
3 changes: 2 additions & 1 deletion charts/newrelic-logging/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ helm upgrade --install newrelic-bundle newrelic/nri-bundle \
See [values.yaml](values.yaml) for the default values

| Parameter | Description | Default |
|--------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------|
| ------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------- |
| `global.cluster` - `cluster` | The cluster name for the Kubernetes cluster. | |
| `global.licenseKey` - `licenseKey` | The [license key](https://docs.newrelic.com/docs/accounts/install-new-relic/account-setup/license-key) for your New Relic Account. This will be the preferred configuration option if both `licenseKey` and `customSecret*` values are specified. | |
| `global.customSecretName` - `customSecretName` | Name of the Secret object where the license key is stored | |
Expand Down Expand Up @@ -163,6 +163,7 @@ See [values.yaml](values.yaml) for the default values
| `fluentBit.persistence.persistentVolume.extra.claim` | On "persistentVolume" [persistence mode](#Fluent-Bit-persistence-modes), allows to add extra properties to the PersistentVolumeClaim (if created). | |
| `daemonSet.annotations` | The annotations to add to the `DaemonSet`. | |
| `podAnnotations` | The annotations to add to the `DaemonSet` created `Pod`s. | |
| `hostNetwork` | Set the hostNetwork property for fluentbit pods. | |
| `enableLinux` | Enable log collection from Linux containers. This is the default behavior. In case you are only interested of collecting logs from Windows containers, set this to `false`. | `true` |
| `enableWindows` | Enable log collection from Windows containers. Please refer to the [Windows support](#windows-support) section for more details. | `false` |
| `fluentBit.config.service` | Contains fluent-bit.conf Service config | |
Expand Down
3 changes: 3 additions & 0 deletions charts/newrelic-logging/templates/daemonset-windows.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,9 @@ spec:
imagePullSecrets:
{{- . | nindent 8 }}
{{- end }}
{{- if $.Values.hostNetwork }}
hostNetwork: {{ $.Values.hostNetwork }}
{{- end }}
{{- if $.Values.windows.initContainers }}
initContainers:
{{ toYaml $.Values.windows.initContainers | indent 8 }}
Expand Down
3 changes: 3 additions & 0 deletions charts/newrelic-logging/templates/daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,9 @@ spec:
securityContext:
{{- . | nindent 8 }}
{{- end }}
{{- if .Values.hostNetwork }}
hostNetwork: {{ .Values.hostNetwork }}
{{- end }}
initContainers:
{{- if and (.Values.fluentBit.persistence) (eq .Values.fluentBit.persistence.mode "persistentVolume") }}
- name: init
Expand Down
46 changes: 46 additions & 0 deletions charts/newrelic-logging/tests/host_network_test.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
suite: test hostNetwork options in fluent-bit pods
templates:
- templates/configmap.yaml
- templates/daemonset.yaml
- templates/daemonset-windows.yaml
release:
name: my-release
namespace: my-namespace
tests:
- it: daemonsets does not contain hostNetwork block when not provided
set:
licenseKey: nr_license_key
enableWindows: true
asserts:
- notExists:
path: spec.template.spec.hostNetwork
template: templates/daemonset.yaml
- notExists:
path: spec.template.spec.hostNetwork
template: templates/daemonset-windows.yaml
- it: daemonsets does not contain hostNetwork block when provided as false
set:
licenseKey: nr_license_key
enableWindows: true
hostNetwork: false
asserts:
- notExists:
path: spec.template.spec.hostNetwork
template: templates/daemonset.yaml
- notExists:
path: spec.template.spec.hostNetwork
template: templates/daemonset-windows.yaml
- it: daemonsets does contain hostNetwork=true when provided as true
set:
licenseKey: nr_license_key
enableWindows: true
hostNetwork: true
asserts:
- equal:
path: spec.template.spec.hostNetwork
value: true
template: templates/daemonset.yaml
- equal:
path: spec.template.spec.hostNetwork
value: true
template: templates/daemonset-windows.yaml
4 changes: 4 additions & 0 deletions charts/newrelic-logging/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -327,6 +327,10 @@ daemonSet:
# Annotations to add to the resulting Pods of the DaemonSet.
podAnnotations: {}

# If host network should be enabled for fluentbit pods.
# There are some inputs like UDP which will require this setting to be true as they need to bind to the host network.
hostNetwork:

# When low data mode is enabled only minimal attributes are added to the logs. Kubernetes labels and
# annotations are not included. The plugin.type, plugin.version and plugin.source attributes are minified
# into the plugin.source attribute.
Expand Down

0 comments on commit abe4444

Please sign in to comment.