diff --git a/README.md b/README.md index c57f8a4..3a7c693 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # documentation -This repo contains the docs provided by . +This repo contains the docs provided by . Documentation is generated via `mkdocs` and hosted in Vercel. ## Security reporting diff --git a/docs/build-optimisations.md b/docs/build-optimisations.md index 2009973..1740a5c 100644 --- a/docs/build-optimisations.md +++ b/docs/build-optimisations.md @@ -53,7 +53,7 @@ set(CMAKE_C_FLAGS "${SAVED_CMAKE_C_FLAGS}") ## Size Impact | Metric | OSS Fluent Bit | Telemetry Forge Agent | Reduction | -|--------|---------------|----------------|-----------| +| ------ | -------------- | --------------------- | --------- | | Docker Image Size | ~500MB | ~150MB | ~70% | | Binary Size | ~50-60MB | ~15-20MB | ~67% | | Memory Usage | ~50-70MB RSS | ~20-30MB RSS | ~57% | diff --git a/docs/features/git-config-auto-reload.md b/docs/features/git-config-auto-reload.md index e5ef527..442c0d5 100644 --- a/docs/features/git-config-auto-reload.md +++ b/docs/features/git-config-auto-reload.md @@ -17,14 +17,13 @@ The plugin also exposes Prometheus-compatible metrics for monitoring repository ## Configuration Options | Parameter | Type | Required | Default | Description | -|-----------|------|----------|---------|-------------| +| --------- | ---- | -------- | ------- | ----------- | | `repo` | String | Yes | - | Git repository URL (HTTPS, SSH, or file://) | | `ref` | String | No | `main` | Git reference: branch name, tag, or commit SHA | | `path` | String | Yes | - | Path to configuration file within the repository | | `clone_path` | String | No | `/tmp/fluentbit-git-repo` | Local directory for git clone and state storage | | `poll_interval` | Integer | No | `60` | Polling interval in seconds to check for updates | - The Git repository URL. Supports multiple protocols: - **HTTPS**: `https://github.com/user/repo.git` @@ -32,10 +31,11 @@ The Git repository URL. Supports multiple protocols: - **Local file**: `file:///path/to/repo` For private repositories: + - **HTTPS**: Use personal access tokens in the URL: `https://token@github.com/user/repo.git` - **SSH**: Configure SSH keys in `~/.ssh/` (requires `id_rsa` or `id_ed25519`) -#### `ref` +### `ref` The Git reference to track. Can be: @@ -50,6 +50,7 @@ The plugin monitors this reference for changes. When the commit SHA at this ref Path to the configuration file within the repository, relative to the repository root. Examples: + - `fluent-bit.yaml` - `config/production.yaml` - `environments/prod/fluent-bit.conf` @@ -57,6 +58,7 @@ Examples: #### `clone_path` Local directory where: + - The Git repository is cloned - SHA-based configuration files are stored - The state file (`.last_sha`) is stored @@ -68,6 +70,7 @@ The directory will be created if it doesn't exist. Must be writable by the Fluen How frequently (in seconds) to check the remote repository for changes. Recommended values: + - **Development/Testing**: 5-10 seconds - **Production**: 60-300 seconds @@ -155,11 +158,13 @@ pipeline: ### State Persistence The plugin stores the last processed commit SHA in a state file: -``` + +```shell {clone_path}/.last_sha ``` This state file: + - Persists across Fluent Bit restarts - Prevents unnecessary reloads when restarting with unchanged configuration - Contains a 40-character SHA-1 commit hash @@ -178,11 +183,13 @@ When a configuration change is detected: ### Change Detection The plugin uses Git commit SHAs for change detection: + - Fetches the commit SHA at the specified `ref` - Compares with the last processed SHA from state file - If different, triggers sync and reload This approach works with: + - Branch updates (SHA changes when new commits are pushed) - Tag updates (if tag is moved to a different commit) - Direct SHA monitoring (only reloads if you manually update the `ref` parameter) @@ -194,7 +201,7 @@ The plugin exposes Prometheus-compatible metrics for monitoring repository polli ### Available Metrics | Metric | Type | Labels | Description | -|--------|------|--------|-------------| +| ------ | ---- | ------ | ----------- | | `fluentbit_git_config_last_poll_timestamp_seconds` | Gauge | `name` | Unix timestamp of the last repository poll | | `fluentbit_git_config_last_reload_timestamp_seconds` | Gauge | `name` | Unix timestamp of the last configuration reload | | `fluentbit_git_config_poll_errors_total` | Counter | `name` | Total number of repository poll errors | @@ -210,7 +217,8 @@ curl http://localhost:2020/api/v1/metrics/prometheus ``` Example output: -``` + +```text # HELP fluentbit_git_config_last_poll_timestamp_seconds Unix timestamp of last repository poll # TYPE fluentbit_git_config_last_poll_timestamp_seconds gauge fluentbit_git_config_last_poll_timestamp_seconds{name="git_config.0"} 1696349234 @@ -237,6 +245,7 @@ fluentbit_git_config_info{sha="abc123def",repo="https://github.com/myorg/configs You can use these metrics with monitoring systems like Prometheus and Grafana: **Prometheus Alert Examples:** + ```yaml groups: - name: fluent_bit_git_config @@ -301,6 +310,7 @@ customs: ``` Requirements: + - SSH keys configured in `~/.ssh/id_rsa` or `~/.ssh/id_ed25519` - Proper permissions: `chmod 600 ~/.ssh/id_rsa` - Known hosts configured: `ssh-keyscan github.com >> ~/.ssh/known_hosts` @@ -322,6 +332,7 @@ The plugin is designed to be resilient to transient errors: - **Too infrequent**: Delays detection of configuration changes Choose based on your requirements: + - Critical production systems: 60-120 seconds - Active development: 5-10 seconds - Stable environments: 300-600 seconds @@ -335,16 +346,17 @@ Choose based on your requirements: ### Repository Size Large repositories with extensive history may slow initial cloning. Consider: + - Using shallow clones (future enhancement) - Keeping configuration repositories small and focused - Using separate repositories for configuration vs. application code ## Troubleshooting - ### Authentication Failures For SSH: + ```bash # Test SSH connection ssh -T git@github.com @@ -355,6 +367,7 @@ chmod 600 ~/.ssh/id_rsa ``` For HTTPS with token: + ```bash # Test git access git ls-remote https://token@github.com/user/repo.git @@ -363,12 +376,14 @@ git ls-remote https://token@github.com/user/repo.git ### Changes Not Detected Enable debug logging to see polling activity: + ```yaml service: log_level: debug ``` Check: + - Remote repository actually has new commits - `ref` points to the branch/tag you expect - Polling interval hasn't elapsed yet @@ -378,6 +393,7 @@ Check: ### Reload Failures Check: + - Configuration file syntax is valid - All referenced plugins are available - File paths and permissions are correct @@ -386,11 +402,13 @@ Check: ### High Error Rates Monitor the error metrics: + ```bash curl -s http://localhost:2020/api/v1/metrics/prometheus | grep -E "git_config_(poll|sync)_errors" ``` Common causes: + - Network connectivity issues - Authentication failures - Repository access problems diff --git a/docs/features/record-deduplication.md b/docs/features/record-deduplication.md index 3095393..f280704 100644 --- a/docs/features/record-deduplication.md +++ b/docs/features/record-deduplication.md @@ -142,7 +142,7 @@ The processor uses bloom filters and hash indexing to minimize disk I/O, ensurin ### Prometheus Metrics | Metric Name | Type | Description | -|-------------|------|-------------| +| ----------- | ---- | ----------- | | `fluentbit_processor_dedup_records_processed_total` | Counter | Total number of records processed by the deduplication processor | | `fluentbit_processor_dedup_records_removed_total` | Counter | Total number of duplicate records removed | | `fluentbit_processor_dedup_records_kept_total` | Counter | Total number of unique records kept | diff --git a/docs/index.md b/docs/index.md index d3a864a..aa869fb 100644 --- a/docs/index.md +++ b/docs/index.md @@ -97,4 +97,4 @@ Our Agent is **70% smaller than OSS Fluent Bit** through: ### Contact -For custom builds, white-label solutions, or enterprise support: **** +For custom builds, white-label solutions, or enterprise support: **** diff --git a/docs/security.md b/docs/security.md index fc0cef1..4c253b1 100644 --- a/docs/security.md +++ b/docs/security.md @@ -56,6 +56,8 @@ uid [ultimate] FluentDo sub cv25519 2025-11-28 [E] [expires: 2028-11-27] ``` +Note: FluentDo was the original name before rebranding as Telemetry Forge. + In addition we generate `sha256` checksums for all packages and sign those files as well for all targets. This information is for releases `v25.12` and `v25.10.8` onwards, for earlier releases please contact us. @@ -69,7 +71,7 @@ We provide triaged CVE reports both as a [web page](./security/triaged.md) or a The VEX endpoint can be downloaded and used like so: ```shell -curl -sSfLO https://docs.fluent.do/security/vex.json +curl -sSfLO https://docs.telemetryforge.io/security/vex.json trivy image fluent/fluent-bit:4.0.9 --vex vex.json grype fluent/fluent-bit:4.0.9 --vex vex.json ``` diff --git a/docs/security/cves.md b/docs/security/cves.md index f585ff2..3433271 100644 --- a/docs/security/cves.md +++ b/docs/security/cves.md @@ -2,7 +2,7 @@ This page hosts all known information about any security issues, mitigations and triaged CVEs. -Please reach out to us at directly for any specific concerns or queries. +Please reach out to us at directly for any specific concerns or queries. --8<-- "docs/security/triaged.md" diff --git a/docs/security/triaged/README.md b/docs/security/triaged/README.md index 5d4c46c..a029386 100644 --- a/docs/security/triaged/README.md +++ b/docs/security/triaged/README.md @@ -16,7 +16,7 @@ Using CVE-2023-2953 as an example, we do the following: vexctl create --product="pkg:oci/fluent-bit" \ --vuln="CVE-2023-2953" \ --status="under_investigation" \ - --author="info@fluent.do" \ + --author="info@telemetryforge.io" \ | tee investigation.vex.json ``` @@ -29,7 +29,7 @@ Using CVE-2023-2953 as an example, we do the following: --vuln="CVE-2023-2953" \ --status="not_affected" \ --justification="vulnerable_code_not_in_execute_path" \ - --author="info@fluent.do" \ + --author="info@telemetryforge.io" \ --impact-statement="Fluent Bit does not use this component directly or in the way affected in the CVE." \ | tee triaged.vex.json ``` @@ -51,7 +51,7 @@ The generation process will loop through all CVE directories and merge any VEX f ```shell cd docs/security/triaged/CVE-2023-2953 -vexctl merge --author="info@fluent.do" \ +vexctl merge --author="info@telemetryforge.io" \ investigation.vex.json \ triaged.vex.json | tee vex.json ``` diff --git a/docs/security/vex.json b/docs/security/vex.json index c7ad7c5..c1de3d3 100644 --- a/docs/security/vex.json +++ b/docs/security/vex.json @@ -1,7 +1,7 @@ { "@context": "https://openvex.dev/ns/v0.2.0", "@id": "merged-vex-681248f4fa4785dbdea36f4da98fc053a78f65a9ec3c68e3acb19ae133adb244", - "author": "info@fluent.do", + "author": "info@telemetryforge.io", "timestamp": "2025-09-05T14:21:45.108287698+01:00", "version": 1, "statements": [ diff --git a/docs/supported-platforms.md b/docs/supported-platforms.md index 7db5948..46f6435 100644 --- a/docs/supported-platforms.md +++ b/docs/supported-platforms.md @@ -4,9 +4,9 @@ Our Agent supports all major architectures including `x86_64` and `arm64` as wel Releases can be found or watched here: -Packages are available via [https://packages.fluent.do](https://packages.fluent.do/index.html). +Packages are available via [https://packages.telemetryforge.io](https://packages.telemetryforge.io/index.html). -Please [contact us](mailto:info@fluent.do) for full details. +Please [contact us](mailto:info@telemetryforge.io) for full details. ## Kubernetes versions @@ -33,23 +33,23 @@ Hardened container images are provided for: Packages as well as public VM images (or AMIs) are available for the following Enterprise OS Versions: -|OS | Versions Supported | Notes | -|---|--------------------|-------| -|RHEL|7.x, 8.x, 9.x, 10.x|RHEL compatibility via CentOS 7 then Alma Linux 8-10. | -|CentOS|6.x, 7.x|| -|CentOS Stream|8, 9, 10|Upstream dependencies no longer guaranteed to be RHEL-compatible.| -|Alma Linux| 8, 9, 10| RHEL–compatible without breaking changes from CentOS stream. | -|Rocky Linux| 8, 9, 10| RHEL–compatible without breaking changes from CentOS stream. | -|SUSE Linux Enterprise Server (SLES)|12, 15|| -|Ubuntu LTS|18.04, 20.04, 22.04, 24.04|| -|Debian|10,11,12,13|| -|Mariner/Azure Linux|2,3|| -|Amazon Linux|2023|| -|Windows|2022,2025| Server versions but compatible with desktop equivalents | -|macOS|14,15|Apple and Intel Silicon| +| OS | Versions Supported | Notes | +| -- | ------------------ | ----- | +| RHEL | 7.x, 8.x, 9.x, 10.x | RHEL compatibility via CentOS 7 then Alma Linux 8-10. | +| CentOS | 6.x, 7.x | | +| CentOS Stream | 8, 9, 10 | Upstream dependencies no longer guaranteed to be RHEL-compatible. | +| Alma Linux | 8, 9, 10 | RHEL–compatible without breaking changes from CentOS stream. | +| Rocky Linux | 8, 9, 10 | RHEL–compatible without breaking changes from CentOS stream. | +| SUSE Linux Enterprise Server (SLES) | 12, 15 | | +| Ubuntu LTS | 18.04, 20.04, 22.04, 24.04 | | +| Debian | 10,11,12,13 | | +| Mariner/Azure Linux | 2,3 | | +| Amazon Linux | 2023 | | +| Windows | 2022,2025 | Server versions but compatible with desktop equivalents | +| macOS | 14,15 | Apple and Intel Silicon | ARM64 and AMD64 variants are provided where applicable. Part of our support package includes testing against the specific use cases or configurations you may require. -Installation of packages is available via [https://packages.fluent.do](https://packages.fluent.do/index.html). +Installation of packages is available via [https://packages.telemetryforge.io](https://packages.telemetryforge.io/index.html). diff --git a/mkdocs.yml b/mkdocs.yml index 68c08eb..6fe8a70 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -77,9 +77,9 @@ extra: - icon: fontawesome/brands/github link: https://github.com/telemetryforge - icon: fontawesome/brands/linkedin - link: https://www.linkedin.com/company/fluent-do + link: https://www.linkedin.com/company/telemetry-forge - icon: fontawesome/solid/paper-plane - link: mailto:info@fluent.do + link: mailto:info@telemetryforge.io copyright: > Copyright © 2026 Telemetry Forge Change cookie settings diff --git a/scripts/security/generate-vex-output.sh b/scripts/security/generate-vex-output.sh index 20a5725..8c453e8 100755 --- a/scripts/security/generate-vex-output.sh +++ b/scripts/security/generate-vex-output.sh @@ -34,7 +34,7 @@ REPO_ROOT=${REPO_ROOT:-$SCRIPT_DIR/../..} CVE_DIR=${CVE_DIR:-$REPO_ROOT/docs/security} OUTPUT_MD=${OUTPUT_MD:-"$CVE_DIR/triaged.md"} TRIAGED_DIR=${TRIAGED_DIR:-"$CVE_DIR/triaged"} -AUTHOR=${AUTHOR:-"info@fluent.do"} +AUTHOR=${AUTHOR:-"info@telemetryforge.io"} COMBINED_VEX_FILE=${COMBINED_VEX_FILE:-"$CVE_DIR/vex.json"} RELATIVE_VEX_PATH=$(realpath --relative-to="$(dirname "$OUTPUT_MD")" "$COMBINED_VEX_FILE") diff --git a/scripts/security/run-scans.sh b/scripts/security/run-scans.sh index 6877a5f..5b9bc9f 100755 --- a/scripts/security/run-scans.sh +++ b/scripts/security/run-scans.sh @@ -68,7 +68,7 @@ cat < "$CVE_DIR/cves.md" This page hosts all known information about any security issues, mitigations and triaged CVEs. -Please reach out to us at directly for any specific concerns or queries. +Please reach out to us at directly for any specific concerns or queries. --8<-- "docs/security/triaged.md"