diff --git a/cluster/addons/fluentd-gcp/fluentd-gcp-ds.yaml b/cluster/addons/fluentd-gcp/fluentd-gcp-ds.yaml
index 3ac746473c5..844a547cb1d 100644
--- a/cluster/addons/fluentd-gcp/fluentd-gcp-ds.yaml
+++ b/cluster/addons/fluentd-gcp/fluentd-gcp-ds.yaml
@@ -2,19 +2,19 @@
 apiVersion: extensions/v1beta1
 kind: DaemonSet
 metadata:
- name: fluentd-gcp-v1.37
+ name: fluentd-gcp-v1.38
 namespace: kube-system
 labels:
 k8s-app: fluentd-gcp
 kubernetes.io/cluster-service: "true"
- version: v1.37
+ version: v1.38
 spec:
 template:
 metadata:
 labels:
 k8s-app: fluentd-gcp
 kubernetes.io/cluster-service: "true"
- version: v1.37
+ version: v1.38
 # This annotation ensures that fluentd does not get evicted if the node
 # supports critical pod annotation based priority scheme.
 # Note that this does not guarantee admission on the nodes (#40573).
@@ -23,7 +23,7 @@ spec:
 spec:
 containers:
 - name: fluentd-gcp
- image: gcr.io/google_containers/fluentd-gcp:1.37
+ image: gcr.io/google_containers/fluentd-gcp:1.38
 # If fluentd consumes its own logs, the following situation may happen:
 # fluentd fails to send a chunk to the server => writes it to the log =>
 # tries to send this message to the server => fails to send a chunk and so on.
diff --git a/cluster/addons/fluentd-gcp/fluentd-gcp-image/Makefile b/cluster/addons/fluentd-gcp/fluentd-gcp-image/Makefile
index 5da8a805ec8..b154b824fcd 100644
--- a/cluster/addons/fluentd-gcp/fluentd-gcp-image/Makefile
+++ b/cluster/addons/fluentd-gcp/fluentd-gcp-image/Makefile
@@ -26,7 +26,7 @@
 .PHONY: build push
 PREFIX=gcr.io/google_containers
-TAG = 1.37
+TAG = 1.38
 build:
 docker build --pull -t $(PREFIX)/fluentd-gcp:$(TAG) .
diff --git a/cluster/addons/fluentd-gcp/fluentd-gcp-image/fluent.conf b/cluster/addons/fluentd-gcp/fluentd-gcp-image/fluent.conf
index 5e13b5505de..775c78ccd15 100644
--- a/cluster/addons/fluentd-gcp/fluentd-gcp-image/fluent.conf
+++ b/cluster/addons/fluentd-gcp/fluentd-gcp-image/fluent.conf
@@ -174,6 +174,28 @@ tag kube-apiserver +# Example: +# 2017-02-09T00:15:57.992775796Z AUDIT: id="90c73c7c-97d6-4b65-9461-f94606ff825f" ip="104.132.1.72" method="GET" user="kubecfg" as="" asgroups="" namespace="default" uri="/api/v1/namespaces/default/pods" +# 2017-02-09T00:15:57.993528822Z AUDIT: id="90c73c7c-97d6-4b65-9461-f94606ff825f" response="200" + + type tail + format multiline + multiline_flush_interval 5s + format_firstline /^\S+\s+AUDIT:/ + # Fields must be explicitly captured by name to be parsed into the record. + # Fields may not always be present, and order may change, so this just looks + # for a list of key="\"quoted\" value" pairs separated by spaces. + # Unknown fields are ignored. + # Note: We can't separate query/response lines as format1/format2 because + # they don't always come one after the other for a given query. + # TODO: Maybe add a JSON output mode to audit log so we can get rid of this? + format1 /^(?