You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On an Openshift/Kubernetes cluster with multi tenants without general cluster admin permissions. How to give a tenant the possibility to filter and set it own outputs on logs only from their name spaces?
Tenants pods are not allowed to use hostPath volumes because this is a huge security risk. So they can not run their own fluentbit containers.
Which would be the best approach?
A fluentbit instance for every tenant in a fluent name space. They can manager their own configuration but the input will be limited to their name spaces. This can be done by an operator. The operator has to limit the input configurations so only allowed log files can be processed.
one fluentbit configuration and the tenant filter and output configurations will be merged. Seems too complicated and a faulty tenant configuration can break the main configuration and kill all the log processing.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
On an Openshift/Kubernetes cluster with multi tenants without general cluster admin permissions. How to give a tenant the possibility to filter and set it own outputs on logs only from their name spaces?
Tenants pods are not allowed to use hostPath volumes because this is a huge security risk. So they can not run their own fluentbit containers.
Which would be the best approach?
Beta Was this translation helpful? Give feedback.
All reactions