Secret definition
Define secret value
Secrets can be used in logging-operator Output
definitions.
Secrets MUST be in the SAME namespace as the
Output
orClusterOutput
custom resource
Example secret definition
For debug purposes you can define secret values directly. However this is NOT recommended in production.
Define secret mount
There are cases when you can’t inject secret into the configuration because the plugin need a file to read from. For this cases you can use mountFrom
.
The operator will collect the secret and copy it to the fluentd-output
secret. The fluentd configuration will contain the secret path.
Example rendered configuration
<match **>
@type forward
tls_cert_path /fluentd/etc/secret/default-fluentd-tls-tls.crt
...
</match>
How it works?
Behind the scene the operator marks the secret with an annotation and watches it for changes as long as the annotation is present.
Example annotated secret
The annotation format is
logging.banzaicloud.io/<loggingRef>: watched
. Since thename
part of the an annotation can’t be empty thedefault
applies to emptyloggingRef
value as well.
The mount path is generated from the secret information