fluent-plugin-papertrail 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: f429bfeb54532e0b7dbc5c8763f2f921c401b3e4a8ec1e77cdbbbf5a6384f91d
-  data.tar.gz: a4e63376cd325b8244c0fc0f5213a1deb071bbdd587e2aa9b4220b34560656a0
+SHA1:
+  metadata.gz: 13f071d87f88a75ef2453e21eafd29feebff7b91
+  data.tar.gz: 4abf3a957a68b902098a944577a1d2c3c5ec75ca
 SHA512:
-  metadata.gz: 50a9f91d9bdec204c08eae8a2e7b3b57dc236d8688f4d77575fd0e5723e3faf21d0ce8a73368d092664b36ded3df1d6e0db60fde2b842ed43ba1f7d1e0e76fe1
-  data.tar.gz: 2f85bcaa56654e00e17918907d3c49dbbe0fafa0923dec3b9f99eedcad7b57b376ba5a48433ceda3262b5f0974126cf4db377a116cb92016ef73ccfa428e5ec0
+  metadata.gz: 9fcdbd9fd6d970117b86d27c6455019ce459da0a5315521e37c0f0ddf21d5d182f2f5cbbd8de785cefb44ac744a70d667432cc887cf54ad9859a0c647a401378
+  data.tar.gz: 18dfa2b58cae05762579db20ddff31dbee6efc3b40f42797cdff7d5e9e41b42e4a98dca5a07c1b635f11b3b7d84ddbba929e10dae075c53dc16da595d7fd261f

data/.circleci/config.yml

@@ -7,7 +7,7 @@ jobs:
   build:
     docker:
       # specify the version you desire here
-       - image: circleci/ruby:2.3.6
+       - image: circleci/ruby:2.4.3
       
       # Specify service dependencies here if necessary
       # CircleCI maintains a library of pre-built images

data/Makefile

@@ -1,25 +1,16 @@
 REPO_NAME=fluent-plugin-papertrail
-SCRATCH_CONTAINER_DOCKERFILE=Dockerfile.scratch
-SCRATCH_IMAGE_NAME=${REPO_NAME}_scratch
-SCRATCH_CONTAINER_NAME=${REPO_NAME}_scratch
-SCRATCH_CONTAINER_DOCKER_OPTS=--rm -v $(PWD):/home -v $(PWD)/vendor/bundle:/usr/local/bundle -w=/home
 
-build-image-scratch:
-	docker build --file ${SCRATCH_CONTAINER_DOCKERFILE} --tag ${SCRATCH_IMAGE_NAME} .
+bundle:
+	bundle install
 
-install: build-image-scratch
-	docker run ${SCRATCH_CONTAINER_DOCKER_OPTS} --name ${SCRATCH_CONTAINER_NAME} ${SCRATCH_IMAGE_NAME} bundle install
+test: bundle
+	bundle exec rake test
 
-test: install
-	docker run ${SCRATCH_CONTAINER_DOCKER_OPTS} --name ${SCRATCH_CONTAINER_NAME} ${SCRATCH_IMAGE_NAME} bundle exec rake test
-
-release: install
+release: bundle
 	rm -rf ${REPO_NAME}-*.gem
-	docker run ${SCRATCH_CONTAINER_DOCKER_OPTS} --name ${SCRATCH_CONTAINER_NAME} ${SCRATCH_IMAGE_NAME} bundle exec gem build ${REPO_NAME}.gemspec
-	docker run -it ${SCRATCH_CONTAINER_DOCKER_OPTS} --name ${SCRATCH_CONTAINER_NAME} ${SCRATCH_IMAGE_NAME} bundle exec gem push ${REPO_NAME}-*.gem
-
-clean:
-	docker rm ${SCRATCH_CONTAINER_NAME}
+	bundle exec gem build ${REPO_NAME}.gemspec
+	bundle exec gem push ${REPO_NAME}-*.gem
 
-clean-image-scratch:
-	docker rmi -f ${SCRATCH_IMAGE_NAME}
+release-docker:
+	cd docker; docker build -t quay.io/solarwinds/fluentd-kubernetes:$(TAG) .
+	docker push quay.io/solarwinds/fluentd-kubernetes:$(TAG)

data/README.md

@@ -1,6 +1,10 @@
 # Fluent::Plugin::Papertrail
 
-Welcome to the Papertrail Fluentd plugin!
+[![Gem Version](https://badge.fury.io/rb/fluent-plugin-papertrail.svg)](https://badge.fury.io/rb/fluent-plugin-papertrail) [![Docker Repository on Quay](https://quay.io/repository/solarwinds/fluentd-kubernetes/status "Docker Repository on Quay")](https://quay.io/repository/solarwinds/fluentd-kubernetes) [![CircleCI](https://circleci.com/gh/solarwinds/fluent-plugin-papertrail/tree/master.svg?style=shield)](https://circleci.com/gh/solarwinds/fluent-plugin-papertrail/tree/master)
+
+## Description
+
+This repository contains the Fluentd Papertrail Output Plugin and the Docker and Kubernetes assets for deploying that combined Fluentd, Papertrail, Kubernetes log aggregation toolset to your cluster.
 
 ## Installation
 
@@ -57,7 +61,7 @@ the [fluent-plugin-kubernetes_metadata_filter](https://github.com/fabric8io/flue
 ```
 
 ### Advanced Configuration
-This plugin inherits a few useful config parameters from Fluent's BufferedOutput class.
+This plugin inherits a few useful config parameters from Fluent's `BufferedOutput` class.
 
 Parameters for flushing the buffer, based on size and time, are `buffer_chunk_limit` and `flush_interval`, respectively. This plugin overrides the inherited default `flush_interval` to `1`, causing the fluent buffer to flush to Papertrail every second. 
 
@@ -74,23 +78,39 @@ If you want to change any of these parameters simply add them to a match stanza.
 </match>
 ```
 
+## Kubernetes
+
+This repo also includes Kubernetes and Docker assets which do all of the heavy lifting for you.
+
+If you'd like to deploy this plugin as a DaemonSet to your Kubernetes cluster, just adjust the `FLUENT_*` environment variables in `kubernetes/fluentd-daemonset-papertrail.yaml` and push it to your cluster with:
+
+```
+kubectl apply -f kubernetes/fluentd-daemonset-papertrail.yaml
+```
+
+The Dockerfile that generates [the image used in this DaemonSet](https://quay.io/repository/solarwinds/fluentd-kubernetes), can be found at `docker/Dockerfile`.
+
 ## Development
 
-We use git, Make and Docker. 
-We have a [Dockerfile](Dockerfile.scratch) where we build a scratch image that contains all the dependencies.
-We have a [Makefile](Makefile) to wrap the common functions and make life easier.
+This plugin is targeting Ruby 2.4 and Fluentd v1.0, although it should work with older versions of both.
 
-### Install
-`make install`
+We have a [Makefile](Makefile) to wrap common functions and make life easier.
+
+### Install Dependencies
+`make bundle`
 
 ### Test
 `make test`
 
-### Release in [RubyGems](RubyGems.org)
-To release a new version, update the version number in the [Makefile](Makefile) and then, run:
+### Release in [RubyGems](https://rubygems.org/gems/fluent-plugin-papertrail)
+To release a new version, update the version number in the [GemSpec](fluent-plugin-papertrail.gemspec) and then, run:
 
 `make release`
 
+### Release in [Quay.io](https://quay.io/repository/solarwinds/fluentd-kubernetes)
+
+`make release-docker TAG=$(VERSION)`
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/solarwinds/fluent-plugin-papertrail.

data/docker/Dockerfile

@@ -0,0 +1,50 @@
+FROM fluent/fluentd:v1.1.1-debian
+
+USER root
+WORKDIR /home/fluent
+ENV PATH /home/fluent/.gem/ruby/2.3.0/bin:$PATH
+
+RUN buildDeps="sudo make gcc g++ libc-dev ruby-dev libffi-dev" \
+     && apt-get update \
+     && apt-get upgrade -y \
+     && apt-get install \
+     -y --no-install-recommends \
+     $buildDeps \
+    && echo 'gem: --no-document' >> /etc/gemrc \
+    && gem install fluent-plugin-secure-forward \
+    && gem install fluent-plugin-record-reformer \
+    && gem install fluent-plugin-systemd -v 0.3.1 \
+    && gem install fluent-plugin-rewrite-tag-filter -v 1.6.0 \
+    && gem install fluent-plugin-papertrail -v 0.1.2.pre.dev \
+    && gem install fluent-plugin-kubernetes_metadata_filter \
+    && gem install ffi \
+    && SUDO_FORCE_REMOVE=yes \
+    apt-get purge -y --auto-remove \
+                  -o APT::AutoRemove::RecommendsImportant=false \
+                  $buildDeps \
+    && rm -rf /var/lib/apt/lists/* \
+    && gem sources --clear-all \
+    && rm -rf /tmp/* /var/tmp/* /usr/lib/ruby/gems/*/cache/*.gem
+
+# Copy configuration files
+COPY ./conf/fluent.conf /fluentd/etc/
+COPY ./conf/systemd.conf /fluentd/etc/
+COPY ./conf/kubernetes.conf /fluentd/etc/
+
+# Copy plugins
+COPY plugins /fluentd/plugins/
+
+# Environment variables
+ENV FLUENTD_OPT=""
+ENV FLUENTD_CONF="fluent.conf"
+
+# jemalloc is memory optimization only available for td-agent
+# td-agent is provided and QA'ed by treasuredata as rpm/deb/.. package
+# -> td-agent (stable) vs fluentd (edge)
+#ENV LD_PRELOAD="/usr/lib/libjemalloc.so.2"
+
+# Overriding entrypoint, otherwise parent image causes to run as user fluent
+ENTRYPOINT []
+
+# Run Fluentd
+CMD exec fluentd -c /fluentd/etc/$FLUENTD_CONF -p /fluentd/plugins $FLUENTD_OPT

data/docker/conf/fluent.conf

@@ -0,0 +1,18 @@
+@include systemd.conf
+@include kubernetes.conf
+
+## Capture audit logs
+#<match kube-apiserver-audit>
+#  type papertrail
+#
+#  papertrail_host "#{ENV['FLUENT_PAPERTRAIL_AUDIT_HOST']}"
+#  papertrail_port "#{ENV['FLUENT_PAPERTRAIL_AUDIT_PORT']}"
+#</match>
+
+<match **>
+  type papertrail
+
+  papertrail_host "#{ENV['FLUENT_PAPERTRAIL_HOST']}"
+  papertrail_port "#{ENV['FLUENT_PAPERTRAIL_PORT']}"
+
+</match>

data/docker/conf/kubernetes.conf

@@ -0,0 +1,169 @@
+<match fluent.**>
+  type null
+</match>
+
+<source>
+  type tail
+  path /var/log/containers/*.log
+  pos_file /var/log/fluentd-containers.log.pos
+  time_format %Y-%m-%dT%H:%M:%S.%NZ
+  tag kubernetes.*
+  format json
+  read_from_head true
+</source>
+
+<source>
+  type tail
+  format /^(?<time>[^ ]* [^ ,]*)[^\[]*\[[^\]]*\]\[(?<severity>[^ \]]*) *\] (?<message>.*)$/
+  time_format %Y-%m-%d %H:%M:%S
+  path /var/log/salt/minion
+  pos_file /var/log/fluentd-salt.pos
+  tag salt
+</source>
+
+<source>
+  type tail
+  format syslog
+  path /var/log/startupscript.log
+  pos_file /var/log/fluentd-startupscript.log.pos
+  tag startupscript
+</source>
+
+<source>
+  type tail
+  format /^time="(?<time>[^)]*)" level=(?<severity>[^ ]*) msg="(?<message>[^"]*)"( err="(?<error>[^"]*)")?( statusCode=($<status_code>\d+))?/
+  path /var/log/docker.log
+  pos_file /var/log/fluentd-docker.log.pos
+  tag docker
+</source>
+
+<source>
+  type tail
+  format none
+  path /var/log/etcd.log
+  pos_file /var/log/fluentd-etcd.log.pos
+  tag etcd
+</source>
+
+<source>
+  type tail
+  format kubernetes
+  multiline_flush_interval 5s
+  path /var/log/kubelet.log
+  pos_file /var/log/fluentd-kubelet.log.pos
+  tag kubelet
+</source>
+
+<source>
+  type tail
+  format kubernetes
+  multiline_flush_interval 5s
+  path /var/log/kube-proxy.log
+  pos_file /var/log/fluentd-kube-proxy.log.pos
+  tag kube-proxy
+</source>
+
+<source>
+  type tail
+  format kubernetes
+  multiline_flush_interval 5s
+  path /var/log/kube-apiserver.log
+  pos_file /var/log/fluentd-kube-apiserver.log.pos
+  tag kube-apiserver
+</source>
+
+<source>
+  type tail
+  format kubernetes
+  multiline_flush_interval 5s
+  path /var/log/kube-controller-manager.log
+  pos_file /var/log/fluentd-kube-controller-manager.log.pos
+  tag kube-controller-manager
+</source>
+
+<source>
+  type tail
+  format kubernetes
+  multiline_flush_interval 5s
+  path /var/log/kube-scheduler.log
+  pos_file /var/log/fluentd-kube-scheduler.log.pos
+  tag kube-scheduler
+</source>
+
+<source>
+  type tail
+  format kubernetes
+  multiline_flush_interval 5s
+  path /var/log/rescheduler.log
+  pos_file /var/log/fluentd-rescheduler.log.pos
+  tag rescheduler
+</source>
+
+<source>
+  type tail
+  format kubernetes
+  multiline_flush_interval 5s
+  path /var/log/glbc.log
+  pos_file /var/log/fluentd-glbc.log.pos
+  tag glbc
+</source>
+
+<source>
+  type tail
+  format kubernetes
+  multiline_flush_interval 5s
+  path /var/log/cluster-autoscaler.log
+  pos_file /var/log/fluentd-cluster-autoscaler.log.pos
+  tag cluster-autoscaler
+</source>
+
+# Example:
+# 2017-02-09T00:15:57.992775796Z AUDIT: id="90c73c7c-97d6-4b65-9461-f94606ff825f" ip="104.132.1.72" method="GET" user="kubecfg" as="<self>" asgroups="<lookup>" namespace="default" uri="/api/v1/namespaces/default/pods"
+# 2017-02-09T00:15:57.993528822Z AUDIT: id="90c73c7c-97d6-4b65-9461-f94606ff825f" response="200"
+<source>
+  type tail
+  format multiline
+  multiline_flush_interval 5s
+  format_firstline /^\S+\s+AUDIT:/
+  # Fields must be explicitly captured by name to be parsed into the record.
+  # Fields may not always be present, and order may change, so this just looks
+  # for a list of key="\"quoted\" value" pairs separated by spaces.
+  # Unknown fields are ignored.
+  # Note: We can't separate query/response lines as format1/format2 because
+  #       they don't always come one after the other for a given query.
+  format1 /^(?<time>\S+) AUDIT:(?: (?:id="(?<id>(?:[^"\\]|\\.)*)"|ip="(?<ip>(?:[^"\\]|\\.)*)"|method="(?<method>(?:[^"\\]|\\.)*)"|user="(?<user>(?:[^"\\]|\\.)*)"|groups="(?<groups>(?:[^"\\]|\\.)*)"|as="(?<as>(?:[^"\\]|\\.)*)"|asgroups="(?<asgroups>(?:[^"\\]|\\.)*)"|namespace="(?<namespace>(?:[^"\\]|\\.)*)"|uri="(?<uri>(?:[^"\\]|\\.)*)"|response="(?<response>(?:[^"\\]|\\.)*)"|\w+="(?:[^"\\]|\\.)*"))*/
+  time_format %FT%T.%L%Z
+  path /var/log/kubernetes/kube-apiserver-audit.log
+  pos_file /var/log/kube-apiserver-audit.log.pos
+  tag kube-apiserver-audit
+</source>
+
+<filter kubernetes.**>
+  type kubernetes_metadata
+</filter>
+
+<filter kube-apiserver-audit>
+  type record_transformer
+  enable_ruby true
+  <record>
+    hostname #{ENV['FLUENT_HOSTNAME']}
+    program kube-apiserver-audit
+    severity info
+    facility local0
+    message ${record}
+  </record>
+</filter>
+
+# append namespace and pod name to hostname, so that logs in Papertrail are filterable by each
+# use container name as program name, but trim it to 32 characters to match remote_syslog spec
+<filter kubernetes.**>
+  type record_transformer
+  enable_ruby true
+  <record>
+    hostname #{ENV['FLUENT_HOSTNAME']}-${record["kubernetes"]["namespace_name"]}-${record["kubernetes"]["pod_name"]}
+    program ${record["kubernetes"]["container_name"][0..31]}
+    severity info
+    facility local0
+    message ${record['log']}
+  </record>
+</filter>

data/docker/conf/systemd.conf

@@ -0,0 +1,51 @@
+<source>
+  @type systemd
+  pos_file /var/log/fluentd-journald-systemd.pos
+  read_from_head true
+  strip_underscores true
+  tag systemd
+</source>
+
+# rewrite tags as systemd.* for the specefic SYSTEMD_UNIT, then we can filter specifically on kubelet and docker below
+<match systemd>
+  @type rewrite_tag_filter
+  rewriterule1 SYSTEMD_UNIT   ^kubelet.service$  systemd.kubelet
+  rewriterule2 SYSTEMD_UNIT   ^docker.service$   systemd.docker
+</match>
+
+# toss all other systemd logs in the bin
+<match systemd>
+  @type null
+</match>
+
+# transform systemd logs to Papertrail format
+<filter systemd.kubelet>
+  @type record_transformer
+  enable_ruby true
+  <record>
+    hostname "#{ENV['FLUENT_HOSTNAME']}-${record['HOSTNAME']}"
+    program kubelet
+    severity info
+    facility local0
+    message ${record['MESSAGE']}
+  </record>
+</filter>
+
+<filter systemd.docker>
+  type parser
+  format /^time="(?<time>[^)]*)" level=(?<severity>[^ ]*) msg="(?<message>[^"]*)"( err="(?<error>[^"]*)")?( statusCode=($<status_code>\d+))?/
+  reserve_data true
+  key_name MESSAGE
+  suppress_parse_error_log true
+</filter>
+
+<filter systemd.docker>
+  @type record_transformer
+  enable_ruby true
+  <record>
+    hostname "#{ENV['FLUENT_HOSTNAME']}-${record['HOSTNAME']}"
+    program docker
+    severity info
+    facility local0
+  </record>
+</filter>

data/docker/plugins/parser_kubernetes.rb

@@ -0,0 +1,65 @@
+#
+# Fluentd
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#
+
+# The following Fluentd parser plugin, aims to simplify the parsing of multiline
+# logs found in Kubernetes nodes. Since many log files shared the same format and
+# in order to simplify the configuration, this plugin provides a 'kubernetes' format
+# parser (built on top of MultilineParser).
+#
+# When tailing files, this 'kubernetes' format should be applied to the following
+# log file sources:
+#
+#  - /var/log/kubelet.log
+#  - /var/log/kube-proxy.log
+#  - /var/log/kube-apiserver.log
+#  - /var/log/kube-controller-manager.log
+#  - /var/log/kube-scheduler.log
+#  - /var/log/rescheduler.log
+#  - /var/log/glbc.log
+#  - /var/log/cluster-autoscaler.log
+#
+# Usage:
+#
+# ---- fluentd.conf ----
+#
+# <source>
+#    type tail
+#    format kubernetes
+#    path ./kubelet.log
+#    read_from_head yes
+#    tag kubelet
+# </source>
+#
+# ----   EOF       ---
+
+require 'fluent/parser'
+
+module Fluent
+  class KubernetesParser < Fluent::TextParser::MultilineParser
+    Fluent::Plugin.register_parser("kubernetes", self)
+
+    CONF_FORMAT_FIRSTLINE = %q{/^\w\d{4}/}
+    CONF_FORMAT1 = %q{/^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/}
+    CONF_TIME_FORMAT = "%m%d %H:%M:%S.%N"
+
+    def configure(conf)
+      conf['format_firstline'] = CONF_FORMAT_FIRSTLINE
+      conf['format1'] = CONF_FORMAT1
+      conf['time_format'] = CONF_TIME_FORMAT
+      super
+    end
+  end
+end

data/fluent-plugin-papertrail.gemspec

@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name          = "fluent-plugin-papertrail"
-  spec.version       = "0.1.1"
+  spec.version       = "0.1.2"
   spec.authors       = ["Jonathan Lozinski", "Alex Ouzounis", "Chris Rust"]
   spec.email         = ["jonathan.lozinski@solarwinds.com", "alex.ouzounis@solarwinds.com", "chris.rust@solarwinds.com"]
 
@@ -20,8 +20,8 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "fluentd", "~> 0.10.45"
-  spec.add_dependency "fluent-mixin-config-placeholders", "~> 0.2.0"
+  spec.add_dependency "fluentd", '>= 0.10', '< 2'
+  spec.add_dependency "fluent-mixin-config-placeholders", "~> 0.4.0"
   spec.add_dependency "syslog_protocol"
 
   spec.add_development_dependency "bundler", "~> 1.12"

data/kubernetes/fluentd-daemonset-papertrail.yaml

@@ -0,0 +1,96 @@
+# Uncomment sections below to allow audit logs to go to a separate host
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  name: fluentd-papertrail-global-logging
+  namespace: kube-system
+  labels:
+    k8s-app: fluentd-logging
+    version: v1
+    kubernetes.io/cluster-service: "true"
+spec:
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        k8s-app: fluentd-logging
+        version: v1
+        kubernetes.io/cluster-service: "true"
+    spec:
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
+      containers:
+      - name: fluentd
+        image: quay.io/solarwinds/fluentd-kubernetes:v0.12.33-debian-papertrail
+        imagePullPolicy: Always
+        env:
+          - name: FLUENT_PAPERTRAIL_HOST
+            value: 'logsN.papertrailapp.com'
+          - name: FLUENT_PAPERTRAIL_PORT
+            value: 'NNNNN'
+#          - name: FLUENT_PAPERTRAIL_AUDIT_HOST
+#            value: 'logsN.papertrailapp.com'
+#          - name: FLUENT_PAPERTRAIL_AUDIT_PORT
+#            value: 'NNNNN'
+          - name: FLUENT_HOSTNAME
+            value: 'my-cluster-name'
+        resources:
+          limits:
+            cpu: 200m
+            memory: 400Mi
+          requests:
+            cpu: 200m
+            memory: 400Mi
+        volumeMounts:
+        - name: varlog
+          mountPath: /var/log
+        - name: varlibdockercontainers
+          mountPath: /var/lib/docker/containers
+          readOnly: true
+        - name: config
+          mountPath: /fluentd/etc/fluent.conf
+          subPath: fluent.conf
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: varlog
+        hostPath:
+          path: /var/log
+      - name: varlibdockercontainers
+        hostPath:
+          path: /var/lib/docker/containers
+      - name: config
+        configMap:
+          name: fluentd-papertrail-global-logging-config
+          items:
+          - key: fluent.conf
+            path: fluent.conf
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: fluentd-papertrail-global-logging-config
+  namespace: kube-system
+data:
+  fluent.conf: |-
+    @include kubernetes.conf
+    @include systemd.conf
+
+#    # Capture audit logs
+#    <match kube-apiserver-audit>
+#      type papertrail
+#      num_threads 4
+#
+#      papertrail_host "#{ENV['FLUENT_PAPERTRAIL_AUDIT_HOST']}"
+#      papertrail_port "#{ENV['FLUENT_PAPERTRAIL_AUDIT_PORT']}"
+#    </match>
+#
+    # Capture all unmatched tags
+    <match **>
+      type papertrail
+      num_threads 4
+
+      papertrail_host "#{ENV['FLUENT_PAPERTRAIL_HOST']}"
+      papertrail_port "#{ENV['FLUENT_PAPERTRAIL_PORT']}"
+    </match>

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-papertrail
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Jonathan Lozinski
@@ -10,36 +10,42 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-01-04 00:00:00.000000000 Z
+date: 2018-03-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.10'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 0.10.45
+        version: '2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.10'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 0.10.45
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: fluent-mixin-config-placeholders
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.4.0
 - !ruby/object:Gem::Dependency
   name: syslog_protocol
   requirement: !ruby/object:Gem::Requirement
@@ -121,7 +127,6 @@ extra_rdoc_files: []
 files:
 - ".circleci/config.yml"
 - ".gitignore"
-- Dockerfile.scratch
 - Gemfile
 - LICENSE
 - Makefile
@@ -129,7 +134,13 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- docker/Dockerfile
+- docker/conf/fluent.conf
+- docker/conf/kubernetes.conf
+- docker/conf/systemd.conf
+- docker/plugins/parser_kubernetes.rb
 - fluent-plugin-papertrail.gemspec
+- kubernetes/fluentd-daemonset-papertrail.yaml
 - lib/fluent/plugin/out_papertrail.rb
 homepage: https://github.com/solarwinds/fluent-plugin-papertrail
 licenses:
@@ -151,7 +162,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.4
+rubygems_version: 2.6.14
 signing_key: 
 specification_version: 4
 summary: Remote Syslog Output Fluentd plugin for papertrail

data/Dockerfile.scratch

@@ -1,21 +0,0 @@
-# vim:set ft=dockerfile:
-FROM ruby:2.3.6-alpine
-
-MAINTAINER Alex Ouzounis <alex.ouzounis@solarwinds.com>
-
-ENV NOKOGIRI_USE_SYSTEM_LIBRARIES=1
-
-RUN \
-    apk add --update \
-      ruby-bigdecimal \
-      ruby-bundler \
-      ruby-rdoc \
-      build-base \
-      ruby-dev \
-      git \
-      openssh \
-      ca-certificates \
-    \
-    && bundle config build.nokogiri --use-system-libraries \
-    \
-    && rm -rf /var/cache/apk/* /tmp