From 5e769c4f2282cb4e905bfac0bcab5b68fb37f47f Mon Sep 17 00:00:00 2001
From: JJGadgets
Date: Tue, 17 Jun 2025 17:11:00 +0800
Subject: [PATCH] feat(fluentbit): dmesg logging
---
 .../monitoring/fluentbit/app/config/fluent-bit.yaml | 11 ++++++++++-
 kube/deploy/core/monitoring/fluentbit/app/hr.yaml | 8 +++++++-
 kube/deploy/core/monitoring/fluentbit/ns.yaml | 2 +-
 3 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/kube/deploy/core/monitoring/fluentbit/app/config/fluent-bit.yaml b/kube/deploy/core/monitoring/fluentbit/app/config/fluent-bit.yaml
index 729a3bf8..5f63cc4f 100644
--- a/kube/deploy/core/monitoring/fluentbit/app/config/fluent-bit.yaml
+++ b/kube/deploy/core/monitoring/fluentbit/app/config/fluent-bit.yaml
@@ -8,6 +8,9 @@ pipeline:
 exclude_path: /var/log/*fluent*
 multiline.parser: cri
 tag: kubernetes.*
+ - name: kmsg
+ alias: dmesg
+ tag: dmesg.
 filters:
 # enrich and process logs with k8s metadata
 - name: kubernetes # https://docs.fluentbit.io/manual/pipeline/filters/kubernetes
@@ -21,7 +24,7 @@ pipeline:
 namespace_labels: "on"
 annotations: "on" # too big and mostly irrelevant, as it contains stuff like Reloader and Multus
 namespace_annotations: "off"
- # owner_references: "on"
+ owner_references: "on"
 # use_kubelet: "on" # wanna use it but can't verify TLS without rotate-server-certificates :(
 # kubelet_host: "$${KUBE_NODE_IP}"
 # kube_ca_path: "/run/secrets/kubernetes.io/serviceaccount" # both apiserver SA CA and localhost kubelet CA are mounted here
@@ -40,6 +43,11 @@ pipeline:
 operation: lift
 nested_under: kubernetes
 add_prefix: kubernetes_
+ # - name: nest # TODO: convert this to grab controller type from owner_references
+ # match: kubernetes.*
+ # operation: lift
+ # nested_under: kubernetes
+ # add_prefix: kubernetes_
 - name: nest
 match: kubernetes.*
 operation: lift
@@ -59,6 +67,7 @@ pipeline:
 header:
 - 'AccountID 0'
 - 'ProjectID 0'
+ log_response_payload: false
 # # stdout
 # - name: stdout
 # match: '*'
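Review bot: Records from the new `kmsg` input in the first hunk carry no node identity: they are tagged `dmesg.`, while the nest filters shown in this patch match `kubernetes.*` (the kubernetes filter presumably does too), so none of the enrichment reaches them. If this collector runs on every node, kernel events such as OOM kills or netfilter drops cannot be attributed to a host at triage time; a small filter scoped to `match: dmesg.*` that stamps the node name on each record would close that gap. The output's `match` lies outside the hunk, so confirm it selects the `dmesg.` tag, otherwise these records are discarded without any error. Kernel logs can include addresses and audit lines, so read access on the log destination deserves the same care as the node itself. A comment above the input such as `# kernel ring buffer via /dev/kmsg; needs CAP_SYSLOG when kernel.dmesg_restrict=1` would document the coupling with hr.yaml.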
diff --git a/kube/deploy/core/monitoring/fluentbit/app/hr.yaml b/kube/deploy/core/monitoring/fluentbit/app/hr.yaml
index 2a1c2603..8d48f65d 100644
--- a/kube/deploy/core/monitoring/fluentbit/app/hr.yaml
+++ b/kube/deploy/core/monitoring/fluentbit/app/hr.yaml
@@ -36,12 +36,13 @@ spec:
 allowPrivilegeEscalation: false
 capabilities:
 drop: ["ALL"]
+ add: ["SYSLOG"]
 resources:
 requests:
 cpu: "10m"
 limits:
 cpu: "1"
- memory: "200Mi"
+ memory: "250Mi"
 #probes: # TODO: HTTP healthchecks via health API
 # liveness:
 # enabled: true
@@ -73,6 +74,11 @@ spec:
 hostPath: &path "/var/log/pods"
 globalMounts:
 - path: *path
+ dmesg:
+ type: hostPath
+ hostPath: &path "/dev/kmsg"
+ globalMounts:
+ - path: *path
 defaultPodOptions:
 automountServiceAccountToken: true
 enableServiceLinks: true
diff --git a/kube/deploy/core/monitoring/fluentbit/ns.yaml b/kube/deploy/core/monitoring/fluentbit/ns.yaml
index ba3ac919..e227b94a 100644
--- a/kube/deploy/core/monitoring/fluentbit/ns.yaml
+++ b/kube/deploy/core/monitoring/fluentbit/ns.yaml
@@ -5,6 +5,6 @@ metadata:
 name: fluentbit
 labels:
 kustomize.toolkit.fluxcd.io/prune: disabled
- pod-security.kubernetes.io/enforce: &ps privileged # hostPath
+ pod-security.kubernetes.io/enforce: &ps privileged # hostPath & dmesg
 pod-security.kubernetes.io/audit: *ps
 pod-security.kubernetes.io/warn: *ps
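Review bot: `add: ["SYSLOG"]` in the first hr.yaml hunk only has an effect if the container process runs as UID 0, because Kubernetes does not set ambient capabilities and a non-root process loses the added capability at exec unless the binary carries file capabilities. The `runAsUser`/`runAsNonRoot` settings are outside this hunk, so check which case applies: as non-root, opening `/dev/kmsg` will still fail on nodes with `kernel.dmesg_restrict=1`. As root, CAP_SYSLOG also permits clearing the ring buffer and exposes kernel addresses that `kptr_restrict=1` would otherwise hide. A short comment keeps the exception auditable, e.g. `add: ["SYSLOG"] # read /dev/kmsg for the kmsg input; nothing else needs it`. The securityContext block starts above the hunk.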
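Review bot: The new `dmesg` persistence entry in the second hr.yaml hunk reuses the anchor name `&path`, which the context lines show is already defined for `/var/log/pods`. Each `*path` resolves to the nearest preceding anchor, so this renders correctly today, but a later edit that moves or copies one of the `- path: *path` lines would silently pick up whichever anchor precedes it. The namespace enforces the `privileged` Pod Security level, so nothing downstream would reject the resulting host mount. Distinct names make the intent explicit: `hostPath: &kmsg "/dev/kmsg"` with `- path: *kmsg`. If the chart exposes the hostPath volume type, pinning it to a character device would additionally make the kubelet refuse anything else found at that path.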