Story

As an administrator of Cluster LogForwarding,
I want configure additional KAFKA SASL options
so I can forward logs using my configured authentication mechanism

Acceptance Criteria

Notes

When set sasl.enable,sasl.mechanisms,sasl.allow-insecure and passphrase in secret. the relevant options can't be created in fluent.conf

Step to reproduce:
1. create fluentd_to_kafka secret
oc create secret generic kafka-fluentd --from-file=ca-bundle.crt=ca/ca_bundle.crt --from-file=tls.crt=client/client.crt --from-file=tls.key=client/client.key --from-literal=username=${kafka_user_name} --from-literal=password=${kafka_user_password} --from-literal=sasl.enable=false --from-literal=sasl.mechanisms=GSSAPI,PLAIN --from-literal=passphrase=aosqe2021 -n openshift-logging
2. create clusterloggingforwarder

    "spec": {
        "outputs": [
            {
                "name": "kafka-app",
                "secret": {
                    "name": "kafka-fluentd"
                },
                "type": "kafka",
                "url": "tls://kafka.openshift-logging.svc.cluster.local:9093/clo-topic"
            }
        ],
        "pipelines": [
            {
                "inputRefs": [
                    "application"
                ],
                "name": "test-app",
                "outputRefs": [
                    "kafka-app"
                ]
            }
        ]
    },

Actual result:

# Ship logs to specific outputs
<label @KAFKA_APP>
  <match **>
    @type kafka2
    @id kafka_app
    brokers kafka.openshift-logging.svc.cluster.local:9093
    default_topic clo-topic
    use_event_time true
    username "#{File.exists?('/var/run/ocp-collector/secrets/kafka-fluentd/username') ? open('/var/run/ocp-collector/secrets/kafka-fluentd/username','r') do |f|f.read end : ''}"
    password "#{File.exists?('/var/run/ocp-collector/secrets/kafka-fluentd/password') ? open('/var/run/ocp-collector/secrets/kafka-fluentd/password','r') do |f|f.read end : ''}"
    ssl_client_cert_key '/var/run/ocp-collector/secrets/kafka-fluentd/tls.key'
    ssl_client_cert '/var/run/ocp-collector/secrets/kafka-fluentd/tls.crt'
    ssl_ca_cert '/var/run/ocp-collector/secrets/kafka-fluentd/ca-bundle.crt'
    sasl_over_ssl true
    <format>
      @type json
    </format>
    <buffer clo-topic>
    ....
    </buffer>
     </match>

Expected result

# Ship logs to specific outputs
<label @KAFKA_APP>
  <match **>
    @type kafka2
    @id kafka_app
    brokers kafka.openshift-logging.svc.cluster.local:9093
    default_topic clo-topic
    use_event_time true
    username "#{File.exists?('/var/run/ocp-collector/secrets/kafka-fluentd/username') ? open('/var/run/ocp-collector/secrets/kafka-fluentd/username','r') do |f|f.read end : ''}"
    password "#{File.exists?('/var/run/ocp-collector/secrets/kafka-fluentd/password') ? open('/var/run/ocp-collector/secrets/kafka-fluentd/password','r') do |f|f.read end : ''}"
    ssl_client_cert_key '/var/run/ocp-collector/secrets/kafka-fluentd/tls.key'
    ssl_client_cert '/var/run/ocp-collector/secrets/kafka-fluentd/tls.crt'
    ssl_ca_cert '/var/run/ocp-collector/secrets/kafka-fluentd/ca-bundle.crt'
    sasl_over_ssl false
    passphrase aosqe2021
     sasl_scram_mechanism: 'sha256' 
      @type json
    </format>
    <buffer clo-topic>
    ....
    </buffer>
     </match>

Attachments

Issue Links

is related to

LOG-3314 [fluentd] The passphrase can not be enabled when forwarding logs to Kafka

Closed

OBSDA-352 Cluster LogForwarder to send Logs to Kafka with SASL authentication

Closed

relates to

OBSDA-298 Support for Log forward to Azure Event Hub with Vector

Activity

People

Assignee:: Unassigned

Reporter:: Anping Li

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2021/10/27 12:13 PM

Updated:: 2023/05/17 8:26 AM