Modify the cri parser to store the message in the log field
What does this MR do and why?
Modify the cri parser to store the message in the log field instead of the message field, for use by the kubernetes filter
The definition of the cri parser in the fluent-bit image is:
[PARSER]
# http://rubular.com/r/tjUt3Awgg4
Name cri
Format regex
Regex ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>[^ ]*) (?<message>.*)$
Time_Key time
Time_Format %Y-%m-%dT%H:%M:%S.%L%z
Time_Keep OnThis MR just replaces the last message field by the log field.
The effect is that the kubernetes field can now extract the fields from the json document for containers which use json output format.
The initial log field remains in the log message, so that it can be transmitted as a whole to an external syslog server via a ClusterOutput or Output.
It fixes the logs for all containers using json output. Enabling the json output when supported by the containers (e.g. Kyverno), will be requested by other MRs
Closes #1692 (closed)
Related reference(s)
Test coverage
Manual testing by verifying the logs in grafana:
Without the evolution, the log contains only the unreadable log field.
CI configuration
CI pipelines perform an update for both management and workload clusters, this update will NOT perform a ClusterAPI rolling update (deletion and creation of new K8s nodes) by default.
For some cases, it may be relevant to perform more complex tests.
Theses features can be activated in an MR by adding one of these labels to the MR and will apply to the next pipelines.
- adding the label ci-featuretest-rolling-update pipelines will perform a node rolling update in the
-updatejobs (without version upgrades) - adding the label ci-featuretest-upgrade-from-1.1.1 pipelines will perform an upgrade from Sylva 1.1.1 to your dev branch (including a k8s version upgrade resulting in a node rolling update)