Add option to control if ClusterOutput can be used from namespaced Flows or not

kube-logging / logging-operator

Logging operator for Kubernetes

https://kube-logging.dev

Apache License 2.0

1.53k stars 326 forks source link

Add option to control if ClusterOutput can be used from namespaced Flows or not #1709

Closed xhejtman closed 4 months ago

xhejtman commented 5 months ago

Is your feature request related to a problem? Please describe. Currently, cluster administrators can create Cluster Flows and Cluster Outputs. Any user can send Flow to the Cluster Output spamming admins outputs with his/her logs.

Describe the solution you'd like A simple flag for the operator config so that user Flow cannot reference Cluster Output.

pepov commented 5 months ago

Thanks @xhejtman !

I would suggest having a flag on the ClusterOutput and SyslogNGClusterOutput CRDs instead so that admins can decide whether they want to share or hide one-by-one instead of doing it globally. Does it make sense?

xhejtman commented 5 months ago

Yes, makes sense perfectly

sebastiangaiser commented 5 months ago

As a sidenote. We archived this by a Kyverno Policy but I would also be interested in this feature.

pepov commented 4 months ago

planned for the next release milestone: https://github.com/kube-logging/logging-operator/milestone/27