---
apiVersion: v1
kind: Namespace
metadata:
  name: {{ k8s_fb_namespace }}

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: fluent-bit
  namespace: {{ k8s_fb_namespace }}

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fluent-bit-read
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: fluent-bit-read
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: fluent-bit-read
subjects:
  - kind: ServiceAccount
    name: fluent-bit
    namespace: {{ k8s_fb_namespace }}

---
apiVersion: v1
kind: Secret
metadata:
  name: fluent-bit-auth
  namespace: {{ k8s_fb_namespace }}
type: Opaque
data:
  username: {{ k8s_fb_log_user }}
  password: {{ k8s_fb_log_password }}

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluent-bit-config
  namespace: {{ k8s_fb_namespace }}
data:
  fluent-bit.conf: |
    [SERVICE]
        Flush        1
        Log_Level    error
        Parsers_File parsers.conf

    [INPUT]
        Name              tail
        Path              {{ k8s_fb_log_path }}
        Parser            docker
        Tag               kube.*
        Mem_Buf_Limit     5MB
        Skip_Long_Lines   On

    [INPUT]
        Name              systemd
        Tag               host.journald
        Path              {{ k8s_fb_journal_path }}
        DB                /var/log/flb_journald.db
        Read_From_Tail    On

    [FILTER]
        Name              kubernetes
        Match             kube.*
        Kube_URL          https://kubernetes.default.svc:443
        Merge_Log         On
        K8S-Logging.Exclude Off
        Labels            On
        Annotations       On

    [FILTER]
        Name              modify
        Match             host.journald
        Add               log_type host
        Add               environment production

    [OUTPUT]
        Name              http
        Match             *
        Host              {{ k8s_fb_log_host }}
        Port              {{ k8s_fb_log_port }}
        URI               /insert/jsonline?_stream_fields=stream&_msg_field=log&_time_field=date
        Format            json_lines
        json_date_format  iso8601
        HTTP_User         ${FLUENTBIT_USER}
        HTTP_Passwd       ${FLUENTBIT_PASSWORD}
        tls               On

  parsers.conf: |
    [PARSER]
        Name              docker
        Format            json
        Time_Key          time
        Time_Format       %Y-%m-%dT%H:%M:%S.%L
        Time_Keep         On

---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluent-bit
  namespace: {{ k8s_fb_namespace }}
  labels:
    k8s-app: fluent-bit
spec:
  selector:
    matchLabels:
      k8s-app: fluent-bit
  template:
    metadata:
      labels:
        k8s-app: fluent-bit
    spec:
      serviceAccountName: fluent-bit
      containers:
      - name: fluent-bit
        image: {{ k8s_fb_image }}
        volumeMounts:
        - name: varlog
          mountPath: {{ k8s_fb_log_path }}
        - name: journal
          mountPath: {{ k8s_fb_journal_path }}
        - name: config
          mountPath: /fluent-bit/etc/
        env:
        - name: FLUENTBIT_USER
          valueFrom:
            secretKeyRef:
              name: fluent-bit-auth
              key: username
        - name: FLUENTBIT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: fluent-bit-auth
              key: password
      terminationGracePeriodSeconds: 10
      volumes:
      - name: varlog
        hostPath:
          path: {{ k8s_fb_log_path }}
      - name: journal
        hostPath:
          path: {{ k8s_fb_journal_path }}
      - name: config
        configMap:
          name: fluent-bit-config