Update cos-auditd-logging.yaml to replace fluent-bit image

[baizhenyu]

• Replace internal fluent-bit image with latest OSS one
• Remove deprecated fluent-bit config settings in latest

[baizhenyu]

/assign @SergeyKanzhelev

[giuliano-sider]

LGTM

[SergeyKanzhelev]

is it a good practice to use latest and suggest to use one from dockerhub?

[baizhenyu]

I discussed internally with my teammates and we believe there is no harm for the cx to use OSS version of image in this particular case since we only provide an example to setup audit logging in COS.

Regarding using latest, the purpose is to reduce potential cx tickets due to mismatched version of libsystemd used to compile fluent-bit and the one used in COS. We agree that it will break at some point (e.g fluent-bit change config format etc) but it is fine to update this file again later.

[erain]

We discussed internally and we support this solution in a "best effort" way and would like to highlight that this is a solution depending on OSS tool - hence suggesting use the latest dockerhub image.

[SergeyKanzhelev]

Please add a comment above this line suggesting to change it. Something like:

Suggested change

	image: fluent/fluent-bit:latest
	# this image is used for demo purposes. The best practice is to use the image from controlled registry and reference it by SHA.
	image: fluent/fluent-bit:latest

[SergeyKanzhelev]

Extra credit for mentioning this in the docs: https://cloud.google.com/kubernetes-engine/docs/how-to/linux-auditd-logging as well

[baizhenyu]

The notes have been added and we will update the public doc later.

[erain]

LGTM.