Initial public release (#1)

* Adds LICENSE

* Initial code sync

* Updates workflow

* Github repository to lowercase

* Extra step for better results

* More explicit naming stuff

* Remove ghcr prefix

* Updates versions

* Adds missing permissions

* Maybe fixes perms

* Updates dockerfile

.github/workflows/publish.yml

@@ -0,0 +1,30 @@
+name: publish
+on:
+  release:
+    types: [published]
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2.5.0
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2.1.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Lowercase repository name
+        run: echo "REPO_LC=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV
+      - name: Build container image
+        uses: docker/build-push-action@v4.0.0
+        with:
+          context: .
+          push: true
+          tags: |
+            ghcr.io/${{ env.REPO_LC }}/app:${{ github.event.release.tag_name }}
+            ghcr.io/${{ env.REPO_LC }}/app:latest

Dockerfile

@@ -0,0 +1,53 @@
+#
+# Fail-Safe Kubernetes log forwarder
+# Copyright (C) 2023 Fail-Safe IT Solutions Oy
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <https://github.com/FI23580407/FI23580407/blob/main/LICENSE>.
+#
+#
+# Additional permission under GNU Affero General Public License version 3
+# section 7
+#
+# If you modify this Program, or any covered work, by linking or combining it with
+# other code, such other code is not for that reason alone subject to any of the
+# requirements of the GNU Affero GPL version 3 as long as this Program is the same
+# Program as licensed from Fail-Safe IT Solutions Oy without any additional
+# modifications.
+#
+# Supplemented terms under GNU Affero General Public License version 3
+# section 7
+#
+# Origin of the software must be attributed to Fail-Safe IT Solutions Oy.
+# Any modified versions must be marked as "Modified version of" The Program.
+#
+# Names of the licensors and authors may not be used for publicity purposes.
+#
+# No rights are granted for use of trade names, trademarks, or service marks
+# which are in The Program if any.
+#
+# Licensee must indemnify licensors and authors for any liability that these
+# contractual assumptions impose on licensors and authors.
+
+FROM rockylinux:8
+VOLUME /config
+VOLUME /opt/Fail-Safe/kubernetes-forwarder/var
+ADD https://cfengine-package-repos.s3.amazonaws.com/community_binaries/cfengine-community-3.9.1-1.x86_64.rpm /cfengine-community.rpm
+COPY docker-entrypoint.sh /
+RUN dnf -y install jq rsyslog rsyslog-relp rsyslog-mmkubernetes rsyslog-mmjsonparse nss_nis /cfengine-community.rpm \
+  && rm -f /cfengine-community.rpm \
+  && dnf clean all \
+  && chmod +x /docker-entrypoint.sh
+COPY src/main/cfengine/ /cfe-32/
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD [""]

docker-entrypoint.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+if [ ! -f /config/config.json ]; then
+    echo "Missing configuration files at /config";
+    exit 1;
+fi;
+
+jq --arg dirs "/opt/Fail-Safe/kubernetes-forwarder/" '.dirs.var=($dirs + "var") | .dirs.etc=($dirs + "etc")' /config/config.json > /cfe-32/config/config.json;
+cf-agent -Kf /cfe-32/kubernetes_forwarder.cf -b kubernetes_forwarder:kubernetes_forwarder;
+
+/usr/sbin/rsyslogd -f /opt/Fail-Safe/kubernetes-forwarder/etc/rsyslog.conf -N9
+exec /usr/sbin/rsyslogd -f /opt/Fail-Safe/kubernetes-forwarder/etc/rsyslog.conf -iNONE -n

src/main/cfengine/config/config.json.example

@@ -0,0 +1,46 @@
+{
+  "dirs": {
+    "etc": "/opt/Fail-Safe/kubernetes-forwarder/etc",
+    "var": "/opt/Fail-Safe/kubernetes-forwarder/var"
+  },
+  "kubernetes": {
+    "logdir": "/var/log/containers",
+    "url": "https://127.0.0.1:8443",
+    "tokenfile": "/var/run/secrets/kubernetes.io/serviceaccount/token",
+    "cacert": "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
+    "skipverifyhost": "off",
+    "cacheexpireinterval": "0",
+    "cacheentryttl": "3600",
+    "labels": {
+      "hostname": {
+        "prefix": "example-host-",
+        "label": "label-for-hostname",
+        "fallback": "fallback-hostname"
+      },
+      "appname": {
+        "prefix": "example-tag-",
+        "label": "label-for-appname",
+        "fallback": "fallback-appname"
+      }
+    },
+    "logfiles": [
+      "example-service_default_init*",
+      "example-service_default_function*",
+      "catch-almost-all_*"
+    ]
+  },
+  "omrelp": {
+    "target": "127.0.0.1",
+    "name": "127.0.0.1",
+    "port": "601",
+    "rebindinterval": "10000000",
+    "resumeinterval": "10",
+    "resumeintervalmax": "60"
+  },
+  "metrics": {
+    "send": {
+      "port": "9514",
+      "target": "127.0.0.1"
+    }
+  }
+}

src/main/cfengine/kubernetes_forwarder.cf

@@ -0,0 +1,105 @@
+#
+# Fail-Safe Kubernetes log forwarder
+# Copyright (C) 2023 Fail-Safe IT Solutions Oy
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <https://github.com/FI23580407/FI23580407/blob/main/LICENSE>.
+#
+#
+# Additional permission under GNU Affero General Public License version 3
+# section 7
+#
+# If you modify this Program, or any covered work, by linking or combining it with
+# other code, such other code is not for that reason alone subject to any of the
+# requirements of the GNU Affero GPL version 3 as long as this Program is the same
+# Program as licensed from Fail-Safe IT Solutions Oy without any additional
+# modifications.
+#
+# Supplemented terms under GNU Affero General Public License version 3
+# section 7
+#
+# Origin of the software must be attributed to Fail-Safe IT Solutions Oy.
+# Any modified versions must be marked as "Modified version of" The Program.
+#
+# Names of the licensors and authors may not be used for publicity purposes.
+#
+# No rights are granted for use of trade names, trademarks, or service marks
+# which are in The Program if any.
+#
+# Licensee must indemnify licensors and authors for any liability that these
+# contractual assumptions impose on licensors and authors.
+
+body file control
+{
+        namespace => "kubernetes_forwarder";
+}
+
+bundle agent kubernetes_forwarder {
+  vars:
+      "config" data => readdata("$(this.promise_dirname)/config/config.json", "JSON"),
+        if => fileexists("$(this.promise_dirname)/config/config.json");
+  files:
+      "$(config[dirs][var])/."
+        create => "true",
+        if => isvariable("config[dirs][var]"),
+        handle => "var_done";
+      "$(config[dirs][etc])/."
+        create => "true",
+        if => isvariable("config[dirs][etc]"),
+        handle => "etc_done";
+      "$(config[dirs][etc])/rsyslog.conf"
+        create => "true",
+        edit_template => "$(this.promise_dirname)/templates/rsyslog.conf.mustache",
+        template_method => "mustache",
+        template_data => mergedata(@(config), '{"hostname": "$(sys.fqhost)"}'),
+        if => and(
+                   isvariable("config[dirs][etc]"),
+                   isdir("$(config[dirs][etc])")
+        ),
+        classes => if_repaired("rsyslog_config_repaired"),
+        depends_on => { "var_done", "etc_done" };
+      "$(config[dirs][etc])/rsyslog.d/."
+        create => "true",
+        if => isvariable("config[dirs][etc]"),
+        handle => "rsyslog_d_done";
+      "$(config[dirs][etc])/rsyslog.d/kubernetes.rulebase"
+        create => "true",
+        edit_template => "$(this.promise_dirname)/templates/rsyslog.d/kubernetes.rulebase.mustache",
+        template_method => "mustache",
+        template_data => @(config),
+        if => and(
+                   isvariable("config[dirs][etc]"),
+                   isdir("$(config[dirs][etc])/rsyslog.d")
+        ),
+        classes => if_repaired("kubernetes_config_repaired"),
+        depends_on => { "rsyslog_d_done" };
+  reports:
+      "[ERROR] Can't parse config.json"
+        if => not(isvariable("config"));
+      "[ERROR] Can't find config.json"
+        if => not(fileexists("$(this.promise_dirname)/config/config.json"));
+      "[INFO] Repaired rsyslog.conf"
+        if => "rsyslog_config_repaired";
+      "[INFO] Repaired kubernetes.rulebase"
+        if => "kubernetes_config_repaired";
+}
+
+body classes if_repaired(class) {
+        promise_repaired => { "$(class)" };
+}
+
+body perms set_perms(mode) {
+        mode => "$(mode)";
+        owners => { "root" };
+        groups => { "root" };
+}