From ca83eccc47b23d328db9c3fdc5ad57a17349c4c5 Mon Sep 17 00:00:00 2001
From: Diaa Sami <disami@redhat.com>
Date: Thu, 5 May 2022 13:40:48 +0200
Subject: [PATCH] templates/composer: add fluentd sidecar

The sidecar receives logs from the service and forwards them to Splunk
HEC
---
 templates/composer.yml | 51 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/templates/composer.yml b/templates/composer.yml
index a6b0e670d..9eb145fb2 100644
--- a/templates/composer.yml
+++ b/templates/composer.yml
@@ -94,6 +94,8 @@ objects:
             value: "${PGSSLMODE}"
           - name: PGMAXCONNS
             value: "${PGMAXCONNS}"
+          - name: SYSLOG_SERVER
+            value: "localhost:5140"
           ports:
           - name: composer-api
             protocol: TCP
@@ -109,6 +111,32 @@ objects:
             mountPath: "/var/lib/osbuild-composer"
           - name: cache-directory
             mountPath: "/var/cache/osbuild-composer"
+        - image: "fluentd-hec:1.2.13"
+          name: fluentd-sidecar
+          resources:
+            requests:
+              cpu: "${CPU_REQUEST}"
+              memory: "${MEMORY_REQUEST}"
+            limits:
+              cpu: "${CPU_REQUEST}"
+              memory: "${MEMORY_LIMIT}"
+          env:
+            - name: SPLUNK_HEC_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: splunk
+                  key: token
+                  optional: false
+            - name: SPLUNK_HEC_URL
+              valueFrom:
+                secretKeyRef:
+                  name: splunk
+                  key: url
+                  optional: false
+          volumeMounts:
+            - name: fluentd-config
+              mountPath: /fluentd/etc
+              readOnly: true
         volumes:
         - name: composer-config
           configMap:
@@ -224,7 +252,30 @@ objects:
       jwt_keys_urls = ["${RH_SSO_BASE_URL}/protocol/openid-connect/certs", "${MAS_SSO_BASE_URL}/protocol/openid-connect/certs"]
       jwt_acl_file = "${COMPOSER_CONFIG_DIR}/acl.yml"
       jwt_tenant_provider_fields = ["rh-org-id", "account_id"]
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    name: fluentd-config
+  data:
+    fluent.conf: |
+      <source>
+        @type syslog
+        port 5140
+        bind 127.0.0.1
+        <transport tcp>
+        </transport>
+        tag osbuild-composer
+        <parse>
+          time_format %Y-%m-%dT%H:%M:%SZ
+        </parse>
+      </source>
 
+      <match **>
+        @type splunk_hec
+        hec_host "#{ENV['SPLUNK_HEC_URL']}"
+        hec_port 8088
+        hec_token "#{ENV['SPLUNK_HEC_TOKEN']}"
+      </match>
 - apiVersion: batch/v1
   kind: CronJob
   metadata: