@@ -31,11 +31,14 @@ import (
3131 prometheusOperator "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
3232 "github.com/spf13/cast"
3333 appsv1 "k8s.io/api/apps/v1"
34+ batchv1 "k8s.io/api/batch/v1"
3435 corev1 "k8s.io/api/core/v1"
36+ rbacv1 "k8s.io/api/rbac/v1"
3537 apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
3638 "k8s.io/apimachinery/pkg/fields"
3739 "k8s.io/apimachinery/pkg/labels"
3840 "k8s.io/apimachinery/pkg/runtime"
41+ "k8s.io/apimachinery/pkg/selection"
3942 clientgoscheme "k8s.io/client-go/kubernetes/scheme"
4043 _ "k8s.io/client-go/plugin/pkg/client/auth"
4144 "k8s.io/klog/v2"
@@ -48,6 +51,8 @@ import (
4851 "sigs.k8s.io/controller-runtime/pkg/webhook"
4952 "sigs.k8s.io/controller-runtime/pkg/webhook/admission"
5053
54+ telemetryv1alpha1 "github.com/kube-logging/telemetry-controller/api/telemetry/v1alpha1"
55+
5156 extensionsControllers "github.com/kube-logging/logging-operator/controllers/extensions"
5257 loggingControllers "github.com/kube-logging/logging-operator/controllers/logging"
5358 extensionsv1alpha1 "github.com/kube-logging/logging-operator/pkg/sdk/extensions/api/v1alpha1"
@@ -56,7 +61,6 @@ import (
5661 loggingv1beta1 "github.com/kube-logging/logging-operator/pkg/sdk/logging/api/v1beta1"
5762 "github.com/kube-logging/logging-operator/pkg/sdk/logging/model/types"
5863 "github.com/kube-logging/logging-operator/pkg/webhook/podhandler"
59- telemetryv1alpha1 "github.com/kube-logging/telemetry-controller/api/telemetry/v1alpha1"
6064 // +kubebuilder:scaffold:imports
6165)
6266
@@ -84,6 +88,8 @@ func main() {
8488 var enableprofile bool
8589 var namespace string
8690 var loggingRef string
91+ var watchLabeledChildren bool
92+ var watchLabeledSecrets bool
8793 var finalizerCleanup bool
8894 var enableTelemetryControllerRoute bool
8995 var klogLevel int
@@ -98,6 +104,8 @@ func main() {
98104 flag .BoolVar (& enableprofile , "pprof" , false , "Enable pprof" )
99105 flag .StringVar (& namespace , "watch-namespace" , "" , "Namespace to filter the list of watched objects" )
100106 flag .StringVar (& loggingRef , "watch-logging-name" , "" , "Logging resource name to optionally filter the list of watched objects based on which logging they belong to by checking the app.kubernetes.io/managed-by label" )
107+ flag .BoolVar (& watchLabeledChildren , "watch-labeled-children" , false , "Only watch child resources with logging operator's name label selector: app.kubernetes.io/name: fluentd|fluentbit|syslog-ng" )
108+ flag .BoolVar (& watchLabeledSecrets , "watch-labeled-secrets" , false , "Only watch secrets with the following label selector: logging.banzaicloud.io/watch: enabled" )
101109 flag .BoolVar (& finalizerCleanup , "finalizer-cleanup" , false , "Remove finalizers from Logging resources during operator shutdown, useful for Helm uninstallation" )
102110 flag .BoolVar (& enableTelemetryControllerRoute , "enable-telemetry-controller-route" , false , "Enable the Telemetry Controller route for Logging resources" )
103111 flag .StringVar (& syncPeriod , "sync-period" , "" , "SyncPeriod determines the minimum frequency at which watched resources are reconciled. Defaults to 10 hours. Parsed using time.ParseDuration." )
@@ -152,7 +160,12 @@ func main() {
152160 mgrOptions .WebhookServer = webhookServer
153161 }
154162
155- customMgrOptions , err := setupCustomCache (& mgrOptions , syncPeriod , namespace , loggingRef )
163+ customMgrOptions , err := setupCustomCache (& mgrOptions , syncPeriod , namespace , loggingRef , watchLabeledChildren )
164+ if watchLabeledSecrets {
165+ customMgrOptions .Cache .ByObject [& corev1.Secret {}] = cache.ByObject {
166+ Label : labels.Set {"logging.banzaicloud.io/watch" : "enabled" }.AsSelector (),
167+ }
168+ }
156169 if err != nil {
157170 setupLog .Error (err , "unable to set up custom cache settings" )
158171 os .Exit (1 )
@@ -312,7 +325,7 @@ func detectContainerRuntime(ctx context.Context, c client.Reader) error {
312325 return nil
313326}
314327
315- func setupCustomCache (mgrOptions * ctrl.Options , syncPeriod string , namespace string , loggingRef string ) (* ctrl.Options , error ) {
328+ func setupCustomCache (mgrOptions * ctrl.Options , syncPeriod string , namespace string , loggingRef string , watchLabeledChildren bool ) (* ctrl.Options , error ) {
316329 if syncPeriod != "" {
317330 duration , err := time .ParseDuration (syncPeriod )
318331 if err != nil {
@@ -321,7 +334,7 @@ func setupCustomCache(mgrOptions *ctrl.Options, syncPeriod string, namespace str
321334 mgrOptions .Cache .SyncPeriod = & duration
322335 }
323336
324- if namespace == "" && loggingRef == "" {
337+ if namespace == "" && loggingRef == "" && ! watchLabeledChildren {
325338 return mgrOptions , nil
326339 }
327340
@@ -333,13 +346,56 @@ func setupCustomCache(mgrOptions *ctrl.Options, syncPeriod string, namespace str
333346 if loggingRef != "" {
334347 labelSelector = labels.Set {"app.kubernetes.io/managed-by" : loggingRef }.AsSelector ()
335348 }
349+ if watchLabeledChildren {
350+ if labelSelector == nil {
351+ labelSelector = labels .NewSelector ()
352+ }
353+ // It would be much better to watch for a common label, but we don't have that yet.
354+ // Adding a new label would recreate statefulsets and daemonsets which would be undesirable.
355+ // Let's see how this works in the wild. We can optimize in a subsequent iteration.
356+ req , err := labels .NewRequirement ("app.kubernetes.io/name" , selection .In , []string {
357+ "fluentd" , "syslog-ng" , "fluentbit" ,
358+ })
359+ if err != nil {
360+ return nil , err
361+ }
362+ labelSelector = labelSelector .Add (* req )
363+ }
336364
337365 mgrOptions .Cache = cache.Options {
338366 ByObject : map [client.Object ]cache.ByObject {
339367 & corev1.Pod {}: {
340368 Field : namespaceSelector ,
341369 Label : labelSelector ,
342370 },
371+ & batchv1.Job {}: {
372+ Field : namespaceSelector ,
373+ Label : labelSelector ,
374+ },
375+ & corev1.Service {}: {
376+ Field : namespaceSelector ,
377+ Label : labelSelector ,
378+ },
379+ & rbacv1.Role {}: {
380+ Field : namespaceSelector ,
381+ Label : labelSelector ,
382+ },
383+ & rbacv1.ClusterRole {}: {
384+ Field : namespaceSelector ,
385+ Label : labelSelector ,
386+ },
387+ & rbacv1.RoleBinding {}: {
388+ Field : namespaceSelector ,
389+ Label : labelSelector ,
390+ },
391+ & rbacv1.ClusterRoleBinding {}: {
392+ Field : namespaceSelector ,
393+ Label : labelSelector ,
394+ },
395+ & corev1.ServiceAccount {}: {
396+ Field : namespaceSelector ,
397+ Label : labelSelector ,
398+ },
343399 & appsv1.DaemonSet {}: {
344400 Field : namespaceSelector ,
345401 Label : labelSelector ,
@@ -356,6 +412,10 @@ func setupCustomCache(mgrOptions *ctrl.Options, syncPeriod string, namespace str
356412 Field : namespaceSelector ,
357413 Label : labelSelector ,
358414 },
415+ & corev1.ConfigMap {}: {
416+ Field : namespaceSelector ,
417+ Label : labelSelector ,
418+ },
359419 },
360420 }
361421
0 commit comments