[dev-v2.10] rancher-logging 105.2.0-rc.1+up4.10.0 create (#4876)

pull/4918/head
Julia Bier 2025-01-02 11:34:09 -04:00 committed by GitHub
parent a461056098
commit 6bb1a451af
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
72 changed files with 88816 additions and 2 deletions


@ -0,0 +1,10 @@
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: "true"
catalog.cattle.io/namespace: cattle-logging-system
catalog.cattle.io/release-name: rancher-logging-crd
apiVersion: v1
description: Installs the CRDs for rancher-logging.
name: rancher-logging-crd
type: application
version: 105.2.0-rc.1+up4.10.0


@ -0,0 +1,2 @@
# rancher-logging-crd
A Rancher chart that installs the CRDs used by rancher-logging.


@ -0,0 +1,106 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.3
name: loggingroutes.logging.banzaicloud.io
spec:
group: logging.banzaicloud.io
names:
categories:
- logging-all
kind: LoggingRoute
listKind: LoggingRouteList
plural: loggingroutes
shortNames:
- lr
singular: loggingroute
scope: Cluster
versions:
- additionalPrinterColumns:
- description: Number of problems
jsonPath: .status.problemsCount
name: Problems
type: integer
- description: Number of notices
jsonPath: .status.noticesCount
name: Notices
type: integer
name: v1beta1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
properties:
source:
type: string
targets:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
required:
- source
- targets
type: object
status:
properties:
notices:
items:
type: string
type: array
noticesCount:
type: integer
problems:
items:
type: string
type: array
problemsCount:
type: integer
tenants:
items:
properties:
name:
type: string
namespaces:
items:
type: string
type: array
required:
- name
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}


@ -0,0 +1,360 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.3
name: syslogngclusterflows.logging.banzaicloud.io
spec:
group: logging.banzaicloud.io
names:
categories:
- logging-all
kind: SyslogNGClusterFlow
listKind: SyslogNGClusterFlowList
plural: syslogngclusterflows
singular: syslogngclusterflow
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Is the flow active?
jsonPath: .status.active
name: Active
type: boolean
- description: Number of problems
jsonPath: .status.problemsCount
name: Problems
type: integer
name: v1beta1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
properties:
filters:
items:
properties:
id:
type: string
match:
properties:
and:
x-kubernetes-preserve-unknown-fields: true
not:
x-kubernetes-preserve-unknown-fields: true
or:
x-kubernetes-preserve-unknown-fields: true
regexp:
properties:
flags:
items:
type: string
type: array
pattern:
type: string
template:
type: string
type:
type: string
value:
type: string
required:
- pattern
type: object
type: object
parser:
properties:
metrics-probe:
properties:
key:
type: string
labels:
additionalProperties:
type: string
type: object
level:
type: integer
type: object
regexp:
properties:
flags:
items:
type: string
type: array
patterns:
items:
type: string
type: array
prefix:
type: string
template:
type: string
required:
- patterns
type: object
syslog-parser:
properties:
flags:
items:
type: string
type: array
type: object
type: object
rewrite:
items:
properties:
group_unset:
properties:
condition:
properties:
and:
x-kubernetes-preserve-unknown-fields: true
not:
x-kubernetes-preserve-unknown-fields: true
or:
x-kubernetes-preserve-unknown-fields: true
regexp:
properties:
flags:
items:
type: string
type: array
pattern:
type: string
template:
type: string
type:
type: string
value:
type: string
required:
- pattern
type: object
type: object
pattern:
type: string
required:
- pattern
type: object
rename:
properties:
condition:
properties:
and:
x-kubernetes-preserve-unknown-fields: true
not:
x-kubernetes-preserve-unknown-fields: true
or:
x-kubernetes-preserve-unknown-fields: true
regexp:
properties:
flags:
items:
type: string
type: array
pattern:
type: string
template:
type: string
type:
type: string
value:
type: string
required:
- pattern
type: object
type: object
newName:
type: string
oldName:
type: string
required:
- newName
- oldName
type: object
set:
properties:
condition:
properties:
and:
x-kubernetes-preserve-unknown-fields: true
not:
x-kubernetes-preserve-unknown-fields: true
or:
x-kubernetes-preserve-unknown-fields: true
regexp:
properties:
flags:
items:
type: string
type: array
pattern:
type: string
template:
type: string
type:
type: string
value:
type: string
required:
- pattern
type: object
type: object
field:
type: string
value:
type: string
required:
- field
- value
type: object
subst:
properties:
condition:
properties:
and:
x-kubernetes-preserve-unknown-fields: true
not:
x-kubernetes-preserve-unknown-fields: true
or:
x-kubernetes-preserve-unknown-fields: true
regexp:
properties:
flags:
items:
type: string
type: array
pattern:
type: string
template:
type: string
type:
type: string
value:
type: string
required:
- pattern
type: object
type: object
field:
type: string
flags:
items:
type: string
type: array
pattern:
type: string
replace:
type: string
type:
type: string
required:
- field
- pattern
- replace
type: object
unset:
properties:
condition:
properties:
and:
x-kubernetes-preserve-unknown-fields: true
not:
x-kubernetes-preserve-unknown-fields: true
or:
x-kubernetes-preserve-unknown-fields: true
regexp:
properties:
flags:
items:
type: string
type: array
pattern:
type: string
template:
type: string
type:
type: string
value:
type: string
required:
- pattern
type: object
type: object
field:
type: string
required:
- field
type: object
type: object
type: array
type: object
type: array
globalOutputRefs:
items:
type: string
type: array
loggingRef:
type: string
match:
properties:
and:
x-kubernetes-preserve-unknown-fields: true
not:
x-kubernetes-preserve-unknown-fields: true
or:
x-kubernetes-preserve-unknown-fields: true
regexp:
properties:
flags:
items:
type: string
type: array
pattern:
type: string
template:
type: string
type:
type: string
value:
type: string
required:
- pattern
type: object
type: object
outputMetrics:
items:
properties:
key:
type: string
labels:
additionalProperties:
type: string
type: object
level:
type: integer
type: object
type: array
type: object
status:
properties:
active:
type: boolean
problems:
items:
type: string
type: array
problemsCount:
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}


@ -0,0 +1,364 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.3
name: syslogngflows.logging.banzaicloud.io
spec:
group: logging.banzaicloud.io
names:
categories:
- logging-all
kind: SyslogNGFlow
listKind: SyslogNGFlowList
plural: syslogngflows
singular: syslogngflow
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Is the flow active?
jsonPath: .status.active
name: Active
type: boolean
- description: Number of problems
jsonPath: .status.problemsCount
name: Problems
type: integer
name: v1beta1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
properties:
filters:
items:
properties:
id:
type: string
match:
properties:
and:
x-kubernetes-preserve-unknown-fields: true
not:
x-kubernetes-preserve-unknown-fields: true
or:
x-kubernetes-preserve-unknown-fields: true
regexp:
properties:
flags:
items:
type: string
type: array
pattern:
type: string
template:
type: string
type:
type: string
value:
type: string
required:
- pattern
type: object
type: object
parser:
properties:
metrics-probe:
properties:
key:
type: string
labels:
additionalProperties:
type: string
type: object
level:
type: integer
type: object
regexp:
properties:
flags:
items:
type: string
type: array
patterns:
items:
type: string
type: array
prefix:
type: string
template:
type: string
required:
- patterns
type: object
syslog-parser:
properties:
flags:
items:
type: string
type: array
type: object
type: object
rewrite:
items:
properties:
group_unset:
properties:
condition:
properties:
and:
x-kubernetes-preserve-unknown-fields: true
not:
x-kubernetes-preserve-unknown-fields: true
or:
x-kubernetes-preserve-unknown-fields: true
regexp:
properties:
flags:
items:
type: string
type: array
pattern:
type: string
template:
type: string
type:
type: string
value:
type: string
required:
- pattern
type: object
type: object
pattern:
type: string
required:
- pattern
type: object
rename:
properties:
condition:
properties:
and:
x-kubernetes-preserve-unknown-fields: true
not:
x-kubernetes-preserve-unknown-fields: true
or:
x-kubernetes-preserve-unknown-fields: true
regexp:
properties:
flags:
items:
type: string
type: array
pattern:
type: string
template:
type: string
type:
type: string
value:
type: string
required:
- pattern
type: object
type: object
newName:
type: string
oldName:
type: string
required:
- newName
- oldName
type: object
set:
properties:
condition:
properties:
and:
x-kubernetes-preserve-unknown-fields: true
not:
x-kubernetes-preserve-unknown-fields: true
or:
x-kubernetes-preserve-unknown-fields: true
regexp:
properties:
flags:
items:
type: string
type: array
pattern:
type: string
template:
type: string
type:
type: string
value:
type: string
required:
- pattern
type: object
type: object
field:
type: string
value:
type: string
required:
- field
- value
type: object
subst:
properties:
condition:
properties:
and:
x-kubernetes-preserve-unknown-fields: true
not:
x-kubernetes-preserve-unknown-fields: true
or:
x-kubernetes-preserve-unknown-fields: true
regexp:
properties:
flags:
items:
type: string
type: array
pattern:
type: string
template:
type: string
type:
type: string
value:
type: string
required:
- pattern
type: object
type: object
field:
type: string
flags:
items:
type: string
type: array
pattern:
type: string
replace:
type: string
type:
type: string
required:
- field
- pattern
- replace
type: object
unset:
properties:
condition:
properties:
and:
x-kubernetes-preserve-unknown-fields: true
not:
x-kubernetes-preserve-unknown-fields: true
or:
x-kubernetes-preserve-unknown-fields: true
regexp:
properties:
flags:
items:
type: string
type: array
pattern:
type: string
template:
type: string
type:
type: string
value:
type: string
required:
- pattern
type: object
type: object
field:
type: string
required:
- field
type: object
type: object
type: array
type: object
type: array
globalOutputRefs:
items:
type: string
type: array
localOutputRefs:
items:
type: string
type: array
loggingRef:
type: string
match:
properties:
and:
x-kubernetes-preserve-unknown-fields: true
not:
x-kubernetes-preserve-unknown-fields: true
or:
x-kubernetes-preserve-unknown-fields: true
regexp:
properties:
flags:
items:
type: string
type: array
pattern:
type: string
template:
type: string
type:
type: string
value:
type: string
required:
- pattern
type: object
type: object
outputMetrics:
items:
properties:
key:
type: string
labels:
additionalProperties:
type: string
type: object
level:
type: integer
type: object
type: array
type: object
status:
properties:
active:
type: boolean
problems:
items:
type: string
type: array
problemsCount:
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}


@ -0,0 +1,26 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
ci/
README.md.gotmpl


@ -0,0 +1,30 @@
annotations:
catalog.cattle.io/auto-install: rancher-logging-crd=match
catalog.cattle.io/certified: rancher
catalog.cattle.io/deploys-on-os: windows
catalog.cattle.io/display-name: Logging
catalog.cattle.io/kube-version: '>= 1.28.0-0 < 1.32.0-0'
catalog.cattle.io/namespace: cattle-logging-system
catalog.cattle.io/permits-os: linux,windows
catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1
catalog.cattle.io/rancher-version: '>= 2.10.0-0 < 2.11.0-0'
catalog.cattle.io/release-name: rancher-logging
catalog.cattle.io/type: cluster-tool
catalog.cattle.io/ui-component: logging
catalog.cattle.io/upstream-version: 4.10.0
apiVersion: v2
appVersion: 4.10.0
description: Logging operator for Kubernetes based on Fluentd and Fluentbit.
home: https://kube-logging.github.io
icon: file://assets/logos/rancher-logging.svg
keywords:
- logging
- fluentd
- fluentbit
kubeVersion: '>=1.28.0-0'
name: rancher-logging
sources:
- https://github.com/kube-logging/logging-operator
- https://github.com/kube-logging/helm-charts/tree/main/charts/logging-operator
type: application
version: 105.2.0-rc.1+up4.10.0


@ -0,0 +1,135 @@
# logging-operator
![type: application](https://img.shields.io/badge/type-application-informational?style=flat-square) ![kube version: >=1.22.0-0](https://img.shields.io/badge/kube%20version->=1.22.0--0-informational?style=flat-square) [![artifact hub](https://img.shields.io/badge/artifact%20hub-logging--operator-informational?style=flat-square)](https://artifacthub.io/packages/helm/kube-logging/logging-operator)
Logging operator for Kubernetes based on Fluentd and Fluentbit.
**Homepage:** <https://kube-logging.github.io>
## TL;DR;
```bash
helm install --generate-name --wait oci://ghcr.io/kube-logging/helm-charts/logging-operator
```
or to install with a specific version:
```bash
helm install --generate-name --wait oci://ghcr.io/kube-logging/helm-charts/logging-operator --version $VERSION
```
## Introduction
This chart bootstraps a [Logging Operator](https://github.com/kube-logging/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites
- Kubernetes 1.19+
## Installing CRDs
Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| replicaCount | int | `1` | |
| image.repository | string | `"ghcr.io/kube-logging/logging-operator"` | Name of the image repository to pull the container image from. |
| image.tag | string | `""` | Image tag override for the default value (chart appVersion). |
| image.pullPolicy | string | `"IfNotPresent"` | [Image pull policy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) for updating already existing images on a node. |
| env | list | `[]` | |
| volumes | list | `[]` | |
| volumeMounts | list | `[]` | |
| extraArgs[0] | string | `"-enable-leader-election=true"` | |
| imagePullSecrets | list | `[]` | |
| nameOverride | string | `""` | A name in place of the chart name for `app:` labels. |
| fullnameOverride | string | `""` | A name to substitute for the full names of resources. |
| namespaceOverride | string | `""` | A namespace override for the app. |
| annotations | object | `{}` | Define annotations for logging-operator pods. |
| createCustomResource | bool | `false` | Deploy CRDs used by Logging Operator. |
| http.port | int | `8080` | HTTP listen port number. |
| http.service | object | `{"annotations":{},"clusterIP":"None","labels":{},"type":"ClusterIP"}` | Service definition for query http service. |
| rbac.enabled | bool | `true` | Create rbac service account and roles. |
| monitoring.serviceMonitor.enabled | bool | `false` | Create a Prometheus Operator ServiceMonitor object. |
| monitoring.serviceMonitor.additionalLabels | object | `{}` | |
| monitoring.serviceMonitor.metricRelabelings | list | `[]` | |
| monitoring.serviceMonitor.relabelings | list | `[]` | |
| podSecurityContext | object | `{}` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) # SecurityContext holds pod-level security attributes and common container settings. # This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
| securityContext | object | `{}` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) |
| priorityClassName | object | `{}` | Operator priorityClassName. |
| serviceAccount.annotations | object | `{}` | Define annotations for logging-operator ServiceAccount. |
| resources | object | `{}` | CPU/Memory resource requests/limits |
| nodeSelector | object | `{}` | |
| tolerations | list | `[]` | Node Tolerations |
| affinity | object | `{}` | Node Affinity |
| podLabels | object | `{}` | Define which Nodes the Pods are scheduled on. |
| logging | object | `{"allowClusterResourcesFromAllNamespaces":false,"clusterDomain":"cluster.local.","clusterFlows":[],"clusterOutputs":[],"controlNamespace":"","defaultFlow":{},"enableRecreateWorkloadOnImmutableFieldChange":false,"enabled":false,"errorOutputRef":"","eventTailer":{},"flowConfigCheckDisabled":false,"flowConfigOverride":"","fluentbit":{},"fluentbitDisabled":false,"fluentd":{},"fluentdDisabled":false,"globalFilters":[],"hostTailer":{},"loggingRef":"","nodeAgents":{},"skipInvalidResources":false,"syslogNG":{},"watchNamespaceSelector":{},"watchNamespaces":[]}` | Logging resources configuration. |
| logging.enabled | bool | `false` | Logging resources are disabled by default |
| logging.loggingRef | string | `""` | Reference to the logging system. Each of the loggingRefs can manage a fluentbit daemonset and a fluentd statefulset. |
| logging.flowConfigCheckDisabled | bool | `false` | Disable configuration check before applying new fluentd configuration. |
| logging.skipInvalidResources | bool | `false` | Whether to skip invalid Flow and ClusterFlow resources |
| logging.flowConfigOverride | string | `""` | Override generated config. This is a raw configuration string for troubleshooting purposes. |
| logging.fluentbitDisabled | bool | `false` | Flag to disable fluentbit completely |
| logging.fluentbit | object | `{}` | Fluent-bit configurations https://kube-logging.github.io/docs/configuration/crds/v1beta1/fluentbit_types/ |
| logging.fluentdDisabled | bool | `false` | Flag to disable fluentd completely |
| logging.fluentd | object | `{}` | Fluentd configurations https://kube-logging.github.io/docs/configuration/crds/v1beta1/fluentd_types/ |
| logging.syslogNG | object | `{}` | Syslog-NG statefulset configuration |
| logging.defaultFlow | object | `{}` | Default flow for unmatched logs. This Flow configuration collects all logs that didnt match any other Flow. |
| logging.errorOutputRef | string | `""` | GlobalOutput name to flush ERROR events to |
| logging.globalFilters | list | `[]` | Global filters to apply on logs before any match or filter mechanism. |
| logging.watchNamespaces | list | `[]` | Limit namespaces to watch Flow and Output custom resources. |
| logging.watchNamespaceSelector | object | `{}` | Limit namespaces to watch Flow and Output custom resources. |
| logging.clusterDomain | string | `"cluster.local."` | Cluster domain name to be used when templating URLs to services |
| logging.controlNamespace | string | `""` | Namespace for cluster wide configuration resources like ClusterFlow and ClusterOutput. This should be a protected namespace from regular users. Resources like fluentbit and fluentd will run in this namespace as well. |
| logging.allowClusterResourcesFromAllNamespaces | bool | `false` | Allow configuration of cluster resources from any namespace. Mutually exclusive with ControlNamespace restriction of Cluster resources |
| logging.nodeAgents | object | `{}` | NodeAgent Configuration |
| logging.configCheck | object | `{}` | configCheck provides possibility for timeout-based configuration checks https://kube-logging.dev/docs/whats-new/#timeout-based-configuration-checks |
| logging.enableRecreateWorkloadOnImmutableFieldChange | bool | `false` | EnableRecreateWorkloadOnImmutableFieldChange enables the operator to recreate the fluentbit daemonset and the fluentd statefulset (and possibly other resource in the future) in case there is a change in an immutable field that otherwise couldnt be managed with a simple update. |
| logging.enableDockerParserCompatibilityForCRI | bool | `false` | EnableDockerParserCompatibilityForCRI enables Docker log format compatibility for CRI workloads. |
| logging.clusterFlows | list | `[]` | ClusterFlows to deploy |
| logging.clusterOutputs | list | `[]` | ClusterOutputs to deploy |
| logging.eventTailer.enabled | bool | `false` | |
| logging.eventTailer.name | string | `"event-tailer"` | |
| logging.eventTailer.image.repository | string | `nil` | repository of eventTailer image |
| logging.eventTailer.image.tag | string | `nil` | tag of eventTailer image |
| logging.eventTailer.image.pullPolicy | string | `nil` | pullPolicy of eventTailer image |
| logging.eventTailer.image.imagePullSecrets | list | `[]` | imagePullSecrets of eventTailer image |
| logging.eventTailer.pvc.enabled | bool | `true` | enable pvc for |
| logging.eventTailer.pvc.accessModes | list | `["ReadWriteOnce"]` | storage class for event tailer pvc |
| logging.eventTailer.pvc.volumeMode | string | `"Filesystem"` | storage class for event tailer pvc |
| logging.eventTailer.pvc.storage | string | `"1Gi"` | storage for event tailer pvc |
| logging.eventTailer.pvc.storageClassName | string | `nil` | storage class for event tailer pvc |
| logging.eventTailer.workloadMetaOverrides | string | `nil` | workloadMetaOverrides |
| logging.eventTailer.workloadOverrides | string | `nil` | workloadOverrides |
| logging.eventTailer.containerOverrides | string | `nil` | containerOverrides |
| logging.hostTailer.enabled | bool | `false` | HostTailer |
| logging.hostTailer.name | string | `"hosttailer"` | name of HostTailer |
| logging.hostTailer.image.repository | string | `nil` | repository of eventTailer image |
| logging.hostTailer.image.tag | string | `nil` | tag of eventTailer image |
| logging.hostTailer.image.pullPolicy | string | `nil` | pullPolicy of eventTailer image |
| logging.hostTailer.image.imagePullSecrets | list | `[]` | imagePullSecrets of eventTailer image |
| logging.hostTailer.workloadMetaOverrides | string | `nil` | workloadMetaOverrides of HostTailer |
| logging.hostTailer.workloadOverrides | string | `nil` | workloadOverrides of HostTailer |
| logging.hostTailer.fileTailers | list | `[]` | configure fileTailers of HostTailer example: - name: sample-file path: /var/log/sample-file disabled: false buffer_max_size: buffer_chunk_size: skip_long_lines: read_from_head: false containerOverrides: image: |
| logging.hostTailer.systemdTailers | list | `[]` | configure systemdTailers of HostTailer example: - name: system-sample disabled: false systemdFilter: kubelet.service maxEntries: 20 containerOverrides: image: |
| testReceiver.enabled | bool | `false` | |
| testReceiver.image | string | `"fluent/fluent-bit"` | |
| testReceiver.pullPolicy | string | `"IfNotPresent"` | |
| testReceiver.port | int | `8080` | |
| testReceiver.args[0] | string | `"-i"` | |
| testReceiver.args[1] | string | `"http"` | |
| testReceiver.args[2] | string | `"-p"` | |
| testReceiver.args[3] | string | `"port=8080"` | |
| testReceiver.args[4] | string | `"-o"` | |
| testReceiver.args[5] | string | `"stdout"` | |
| testReceiver.resources.limits.cpu | string | `"100m"` | |
| testReceiver.resources.limits.memory | string | `"50Mi"` | |
| testReceiver.resources.requests.cpu | string | `"20m"` | |
| testReceiver.resources.requests.memory | string | `"25Mi"` | |
| extraManifests | list | `[]` | Extra manifests to deploy as an array |
## Installing Fluentd and Fluent-bit via logging
The chart does **not** install `logging` resource to deploy Fluentd (or Syslog-ng) and Fluent-bit on the cluster by default, but
it can be enabled by setting the `logging.enabled` value to true.


@ -0,0 +1,45 @@
# Rancher Logging
This chart is based off of the upstream [Banzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/) chart. The chart deploys a logging operator and CRDs, which allows users to configure complex logging pipelines with a few simple custom resources. There are two levels of logging, which allow you to collect all logs in a cluster or from a single namespace.
For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/logging/v2.7/).
## Upgrading to Kubernetes v1.25+
Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API.
As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`.
> **Note:**
> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`.
> **Note:**
> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).**
>
> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets.
Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart.
As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards.
## Namespace-level logging
To collect logs from a single namespace, users create flows and these flows are connected to outputs or cluster outputs.
## Cluster-level logging
To collect logs from an entire cluster, users create cluster flows and cluster outputs.
## CRDs
- [Cluster Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/) - A cluster flow is a CRD (`ClusterFlow`) that defines what logs to collect from the entire cluster. The cluster flow must be deployed in the same namespace as the logging operator.
- [Cluster Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) - A cluster output is a CRD (`ClusterOutput`) that defines how to connect to logging providers so they can start collecting logs. The cluster output must be deployed in the same namespace as the logging operator. The convenience of using a cluster output is that either a cluster flow or flow can send logs to those providers without needing to define specific outputs in each namespace for each flow.
- [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) - A flow is a CRD (`Flow`) that defines what logs to collect from the namespace that it is deployed in.
- [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) - An output is a CRD (`Output`) that defines how to connect to logging providers so logs can be sent to the provider.
For more information on how to configure the Helm chart, refer to the Helm README.
## Systemd Configuration
Some Kubernetes distributions log to journald. In order to collect these logs the `systemdLogPath` needs to be defined. While the `/run/log/journal` directory is used by default, some Linux distributions do not default to this path. For example Ubuntu defaults to `/var/log/journal`. To determine your `systemdLogPath` run `cat /etc/systemd/journald.conf | grep -E ^\#?Storage | cut -d"=" -f2` on one of your nodes. If `persistent` is returned your `systemdLogPath` should be `/var/log/journal`. If `volatile` is returned `systemdLogPath` should be `/run/log/journal`. If `auto` is returned check if `/var/log/journal` exists, and if it does then use `/var/log/journal`, otherwise use `/run/log/journal`.
If any value not described here is returned, Rancher Logging will not be able to collect control plane logs. To address this issue set `Storage=volatile` in journald.conf, reboot your machine, and set `systemdLogPath` to `/run/log/journal`.


@ -0,0 +1,85 @@
{{- define "logging-operator.fluentbitagent.tpl" -}}
apiVersion: logging.banzaicloud.io/v1beta1
kind: FluentbitAgent
metadata:
namespace: {{ .Release.Namespace }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
spec:
image:
repository: {{ template "logging-operator.fluentbitImageRepository" . }}
tag: {{ template "logging-operator.fluentbitImageTag" . }}
{{- if not .Values.disablePvc }}
{{- with .Values.fluentbit.bufferStorage }}
bufferStorage: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentbit.bufferStorageVolume }}
bufferStorageVolume: {{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- if or .Values.global.cattle.psp.enabled .Values.global.seLinux.enabled }}
security:
{{- end }}
{{- if .Values.global.cattle.psp.enabled }}
podSecurityPolicyCreate: true
roleBasedAccessControlCreate: true
{{- end }}
{{- if .Values.global.seLinux.enabled }}
securityContext:
seLinuxOptions:
type: rke_logreader_t
{{- end }}
{{- if or .Values.fluentbit.inputTail.Buffer_Chunk_Size .Values.fluentbit.inputTail.Buffer_Max_Size .Values.fluentbit.inputTail.Mem_Buf_Limit .Values.fluentbit.inputTail.Multiline_Flush .Values.fluentbit.inputTail.Skip_Long_Lines }}
inputTail:
{{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }}
Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size | toString }}
{{- end }}
{{- if .Values.fluentbit.inputTail.Buffer_Max_Size }}
Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size | toString }}
{{- end }}
{{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }}
Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit | toString }}
{{- end }}
{{- if .Values.fluentbit.inputTail.Multiline_Flush }}
Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush | toString | quote }}
{{- end }}
{{- if .Values.fluentbit.inputTail.Skip_Long_Lines }}
Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines | toString | quote }}
{{- end }}
{{- end }}
{{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations)) }}
tolerations: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentbit.resources }}
resources: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentbit.metrics }}
metrics: {{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}
{{- define "logging-operator.util.merge.fluentbitagent" -}}
{{/* Top context to expose fields like `.Release` and `.Values` */}}
{{- $top := first . -}}
{{/* tpl is the template specific to the fluentbit implementation */}}
{{- $tpl := fromYaml (include (index . 1) $top) | default (dict ) -}}
{{/* Generic is the shared rancher fluentbit setttings from `_generic_fluentbitagent.yaml` */}}
{{- $generic := fromYaml (include (index . 2) $top) | default (dict ) -}}
{{/* values are from the values.yaml */}}
{{- $values := $top.Values.fluentbitAgentOverlay | default (dict ) -}}
####### {{$generic}}
{{/* the sources are merge right to left meaning tpl is the highest prcedence and values is the lowest */}}
{{- toYaml (merge $tpl $values $generic) -}}
{{- end -}}
{{- define "logging-operator.fluentbitagent" -}}
{{- include "logging-operator.util.merge.fluentbitagent" (append . "logging-operator.fluentbitagent.tpl") -}}
{{- end -}}
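Review bot: The line `####### {{$generic}}` in `logging-operator.util.merge.fluentbitagent` looks like leftover debug output: it prints the Go-formatted generic map into the helper's result ahead of the `toYaml` output, so it ends up in every rendered FluentbitAgent manifest. It stays a harmless YAML comment only while that text fits on one line; if any value in the generic template contains a newline, the remainder would presumably be parsed as manifest content, and the rendered output also exposes the full generic settings. I would delete the line, or turn it into a template comment such as `{{- /* generic: shared rancher settings */ -}}`. Separately, `Buffer_Chunk_Size`, `Buffer_Max_Size` and `Mem_Buf_Limit` are emitted with `| toString` but without `| quote`, unlike `Multiline_Flush` and `Skip_Long_Lines`, so a numeric-looking or indicator-bearing value is re-typed or re-parsed by YAML; `{{ .Values.fluentbit.inputTail.Mem_Buf_Limit | toString | quote }}` keeps them strings. The precedence comment above `merge` also names `values` as the lowest source, while `merge $tpl $values $generic` gives `$generic` the lowest precedence, so the comment should read "tpl highest, generic lowest".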


@ -0,0 +1,75 @@
{{- define "logging-operator.logging.tpl" -}}
apiVersion: logging.banzaicloud.io/v1beta1
kind: Logging
metadata:
namespace: {{ .Release.Namespace }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
spec:
controlNamespace: {{ .Release.Namespace }}
fluentd:
{{- with .Values.fluentd.logLevel }}
logLevel: {{ . }}
{{- end }}
image:
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }}
tag: {{ .Values.images.fluentd.tag }}
configReloaderImage:
repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }}
tag: {{ .Values.images.config_reloader.tag }}
{{- with .Values.fluentd.bufferStorageVolume }}
bufferStorageVolume: {{- toYaml . | nindent 6 }}
{{- end }}
disablePvc: {{ .Values.disablePvc }}
{{- if .Values.fluentd.replicas }}
scaling:
replicas: {{ .Values.fluentd.replicas }}
{{- end }}
security:
podSecurityContext:
{{- if .Values.global.cattle.psp.enabled }}
podSecurityPolicyCreate: true
roleBasedAccessControlCreate: true
{{- end }}
{{- with .Values.fluentd.env }}
envVars: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with (default .Values.tolerations .Values.fluentd.tolerations) }}
tolerations: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with (default .Values.nodeSelector .Values.fluentd.nodeSelector) }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.resources }}
resources: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.livenessProbe }}
livenessProbe: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.metrics }}
metrics: {{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}
{{- define "logging-operator.util.merge.logging" -}}
{{/* Top context to expose fields like `.Release` and `.Values` */}}
{{- $top := first . -}}
{{/* tpl is the template specific to the logging implementation */}}
{{- $tpl := fromYaml (include (index . 1) $top) | default (dict ) -}}
{{/* Generic is the shared rancher logging setttings from `_generic_logging.yaml` */}}
{{- $generic := fromYaml (include (index . 2) $top) | default (dict ) -}}
{{/* values are from the values.yaml */}}
{{- $values := $top.Values.loggingOverlay | default (dict ) -}}
####### {{$generic}}
{{/* the sources are merge right to left meaning tpl is the highest prcedence and values is the lowest */}}
{{- toYaml (merge $tpl $values $generic) -}}
{{- end -}}
{{- define "logging-operator.logging" -}}
{{- include "logging-operator.util.merge.logging" (append . "logging-operator.logging.tpl") -}}
{{- end -}}
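Review bot: The line `####### {{$generic}}` inside `logging-operator.util.merge.logging` looks like leftover debug output. It prints Go's `map[...]` rendering of the generic settings into each rendered Logging manifest, and a value containing a newline would spill out of the `#` comment into the YAML; I would drop it, and the same line sits in `logging-operator.util.merge.fluentbitagent` in the preceding file. The comment above the merge also misstates the order: in `merge $tpl $values $generic` the leftmost dictionary wins, so `$generic` has the lowest precedence, not `$values`. Suggested wording: `{{/* merge keeps the leftmost value: tpl overrides loggingOverlay, which overrides generic */}}`.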


@ -0,0 +1,197 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "logging-operator.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "logging-operator.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Expand the name of the release.
*/}}
{{- define "logging-operator.releasename" -}}
{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Provides the namespace the chart will be installed in using the builtin .Release.Namespace,
or, if provided, a manually overwritten namespace value.
*/}}
{{- define "logging-operator.namespace" -}}
{{- if .Values.namespaceOverride -}}
{{ .Values.namespaceOverride -}}
{{- else -}}
{{ .Release.Namespace }}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "logging-operator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "logging-operator.labels" -}}
app.kubernetes.io/name: {{ include "logging-operator.name" . }}
helm.sh/chart: {{ include "logging-operator.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}
{{- define "windowsEnabled" }}
{{- if not (kindIs "invalid" .Values.global.cattle.windows) }}
{{- if not (kindIs "invalid" .Values.global.cattle.windows.enabled) }}
{{- if .Values.global.cattle.windows.enabled }}
true
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- define "windowsPathPrefix" -}}
{{- trimSuffix "/" (default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "\\" "/" | replace "//" "/" | replace "c:" "C:") -}}
{{- end -}}
{{- define "windowsKubernetesFilter" -}}
{{- printf "kubernetes.%s" ((include "windowsPathPrefix" .) | replace ":" "" | replace "/" ".") -}}
{{- end -}}
{{- define "windowsInputTailMount" -}}
{{- (include "windowsPathPrefix" .) | replace "C:" "" -}}
{{- end -}}
{{/*
Set the controlplane selector based on kubernetes distribution
*/}}
{{- define "controlplaneSelector" -}}
{{- $master := or .Values.additionalLoggingSources.rke2.enabled .Values.additionalLoggingSources.k3s.enabled -}}
{{- $defaultSelector := $master | ternary (dict "node-role.kubernetes.io/master" "true") (dict "node-role.kubernetes.io/controlplane" "true") -}}
{{ default $defaultSelector .Values.additionalLoggingSources.kubeAudit.nodeSelector | toYaml }}
{{- end -}}
{{/*
Set kube-audit file path prefix based on distribution
*/}}
{{- define "kubeAuditPathPrefix" -}}
{{- if .Values.additionalLoggingSources.rke.enabled -}}
{{ default "/var/log/kube-audit" .Values.additionalLoggingSources.kubeAudit.pathPrefix }}
{{- else if .Values.additionalLoggingSources.rke2.enabled -}}
{{ default "/var/lib/rancher/rke2/server/logs" .Values.additionalLoggingSources.kubeAudit.pathPrefix }}
{{- else -}}
{{ required "Directory PathPrefix of the kube-audit location is required" .Values.additionalLoggingSources.kubeAudit.pathPrefix }}
{{- end -}}
{{- end -}}
{{/*
Set kube-audit file name based on distribution
*/}}
{{- define "kubeAuditFilename" -}}
{{- if .Values.additionalLoggingSources.rke.enabled -}}
{{ default "audit-log.json" .Values.additionalLoggingSources.kubeAudit.auditFilename }}
{{- else if .Values.additionalLoggingSources.rke2.enabled -}}
{{ default "audit.log" .Values.additionalLoggingSources.kubeAudit.auditFilename }}
{{- else -}}
{{ required "Filename of the kube-audit log is required" .Values.additionalLoggingSources.kubeAudit.auditFilename }}
{{- end -}}
{{- end -}}
{{/*
A shared list of custom parsers for the vairous fluentbit pods rancher creates
*/}}
{{- define "logging-operator.parsers" -}}
[PARSER]
Name klog
Format regex
Regex ^(?<level>[IWEF])(?<timestamp>\d{4} \d{2}:\d{2}:\d{2}).\d{6} +?(?<thread_id>\d+) (?<filename>.+):(?<linenumber>\d+)] (?<message>.+)
Time_Key timestamp
Time_Format %m%d %T
[PARSER]
Name rancher
Format regex
Regex ^time="(?<timestamp>.+)" level=(?<level>.+) msg="(?<msg>.+)"$
Time_Key timestamp
Time_Format %FT%H:%M:%S
[PARSER]
Name etcd
Format json
Time_Key timestamp
Time_Format %FT%H:%M:%S.%L
{{- end -}}
{{/*
Set kubernetes log options if they are configured
*/}}
{{- define "requireFilterKubernetes" -}}
{{- if or .Values.fluentbit.filterKubernetes.Merge_Log .Values.fluentbit.filterKubernetes.Merge_Log_Key .Values.fluentbit.filterKubernetes.Merge_Trim .Values.fluentbit.filterKubernetes.Merge_Parser -}}
true
{{- end -}}
{{- end -}}
{{/*Fluent Bit Image Repository */}}
{{- define "logging-operator.fluentbitImageRepository" -}}
{{- if .Values.debug -}}
{{ template "system_default_registry" . }}{{ .Values.images.fluentbit_debug.repository }}
{{- else -}}
{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}
{{- end -}}
{{- end -}}
{{/*Fluent Bit Image Tag */}}
{{- define "logging-operator.fluentbitImageTag" -}}
{{- if .Values.debug -}}
{{ .Values.images.fluentbit_debug.tag }}
{{- else -}}
{{ .Values.images.fluentbit.tag }}
{{- end -}}
{{- end -}}
{{/*Fluent Bit Image */}}
{{- define "logging-operator.fluentbitImage" -}}
{{ template "logging-operator.fluentbitImageRepository" . }}:{{ template "logging-operator.fluentbitImageTag" . }}
{{- end -}}
{{/*
Formats the cluster domain as a suffix, e.g.:
.Values.clusterDomain == "", returns ""
.Values.clusterDomain == "cluster.local.", returns ".cluster.local."
*/}}
{{- define "logging-operator.clusterDomainAsSuffix" -}}
{{- if .Values.clusterDomain -}}
{{- printf ".%s" .Values.clusterDomain -}}
{{- end -}}
{{- end -}}
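Review bot: The `rancher` parser in `logging-operator.parsers` captures `timestamp` and `level` with greedy `.+`, so a line whose message text itself contains `" level=` is split at the last occurrence and the recorded `level` is taken from inside the message. Where the message carries user-influenced text, an entry can then misreport its own severity to anything that filters or alerts on `level`. Bounding the first two groups avoids this: `Regex ^time="(?<timestamp>[^"]+)" level=(?<level>\S+) msg="(?<msg>.+)"$`. The `klog` parser also has an unescaped `.` before `\d{6}`, which matches any character where a literal dot is presumably meant.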


@ -0,0 +1,242 @@
{{- if .Values.rbac.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "logging-operator.fullname" . }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- persistentvolumeclaims
- pods
- secrets
- serviceaccounts
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- endpoints
- namespaces
- nodes
- nodes/proxy
verbs:
- get
- list
- watch
- apiGroups:
- ""
- events.k8s.io
resources:
- events
verbs:
- create
- get
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
- replicasets
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
- extensions
resources:
- daemonsets
- deployments
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- '*'
- apiGroups:
- events.k8s.io
resources:
- events
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- extensions
- policy
resources:
- podsecuritypolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- use
- watch
- apiGroups:
- logging-extensions.banzaicloud.io
resources:
- eventtailers
- hosttailers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- logging-extensions.banzaicloud.io
resources:
- eventtailers/status
- hosttailers/status
verbs:
- get
- patch
- update
- apiGroups:
- logging.banzaicloud.io
resources:
- clusterflows
- clusteroutputs
- flows
- fluentbitagents
- fluentdconfigs
- loggingroutes
- loggings
- nodeagents
- outputs
- syslogngclusterflows
- syslogngclusteroutputs
- syslogngconfigs
- syslogngflows
- syslogngoutputs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- logging.banzaicloud.io
resources:
- clusterflows/status
- clusteroutputs/status
- flows/status
- fluentbitagents/status
- fluentdconfigs/status
- loggingroutes/status
- loggings/status
- nodeagents/status
- outputs/status
- syslogngclusterflows/status
- syslogngclusteroutputs/status
- syslogngconfigs/status
- syslogngflows/status
- syslogngoutputs/status
verbs:
- get
- patch
- update
- apiGroups:
- logging.banzaicloud.io
resources:
- loggings/finalizers
verbs:
- update
- apiGroups:
- monitoring.coreos.com
resources:
- prometheusrules
- servicemonitors
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- rolebindings
- roles
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
{{- end }}
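Review bot: The `coordination.k8s.io` `leases` rule is the only one in this ClusterRole with `verbs: ['*']`; every other rule enumerates its verbs, and the wildcard silently covers any verb added later. I would list them explicitly, limited to what leader election needs (which cannot be determined from this page). Separately, the role grants cluster-wide write on `secrets` and on `clusterroles`/`clusterrolebindings`, plus `get` on `nodes/proxy`; a short comment above each of those rules naming the controller feature that needs it would help later audits. The standalone `events.k8s.io` `events` rule with `get, list, watch` repeats verbs the earlier `events` rule already grants and could be removed.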


@ -0,0 +1,18 @@
{{- if .Values.rbac.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "logging-operator.fullname" . }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
subjects:
- kind: ServiceAccount
name: {{ template "logging-operator.fullname" . }}
namespace: {{ include "logging-operator.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "logging-operator.fullname" . }}
{{- end }}
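Review bot: The binding's subject is always the ServiceAccount named by `logging-operator.fullname`, but the Deployment template later in this commit sets `serviceAccountName` to `.Values.rbac.serviceAccountName` when that value is given. With a custom name the operator pod runs under an account this binding does not cover, while the ClusterRole stays bound to an account the pod does not use. If that is not intentional, resolve the subject the same way: `name: {{ default (include "logging-operator.fullname" .) .Values.rbac.serviceAccountName }}`. The ServiceAccount template is not on this page, so which account is actually created in that case should be checked.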


@ -0,0 +1,6 @@
{{- if .Values.createCustomResource -}}
{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }}
{{ $.Files.Get $path }}
---
{{- end }}
{{- end }}


@ -0,0 +1,79 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "logging-operator.fullname" . }}
namespace: {{ include "logging-operator.namespace" . }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "logging-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "logging-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- with .Values.podLabels }}
{{ toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.annotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
args:
{{- range .Values.extraArgs }}
- {{ . }}
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
ports:
- name: http
containerPort: {{ .Values.http.port }}
{{- with .Values.env }}
env: {{ toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.securityContext }}
securityContext: {{ toYaml .Values.securityContext | nindent 12 }}
{{- end }}
{{- with .Values.volumeMounts }}
volumeMounts: {{ toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.volumes }}
volumes: {{ toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.podSecurityContext }}
securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.rbac.serviceAccountName }}
serviceAccountName: {{ .Values.rbac.serviceAccountName }}
{{- else if .Values.rbac.enabled }}
serviceAccountName: {{ include "logging-operator.fullname" . }}
{{- end }}
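Review bot: `args` emits each `extraArgs` entry unquoted (`- {{ . }}`), so an entry that YAML reads as a number, boolean or flow collection (for example `true`, `8080`, or text starting with `{` or `[`) stops being a string and the pod spec is rejected or altered. `- {{ . | quote }}` keeps every argument a string; `priorityClassName` and the values-supplied `serviceAccountName` would benefit from the same. The container and pod `securityContext` blocks are emitted only when the values set them, so the hardening of the operator pod rests entirely on the chart defaults, which are outside this file.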


@ -0,0 +1,4 @@
{{ range .Values.extraManifests }}
---
{{ tpl (toYaml .) $ }}
{{ end }}
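Review bot: This template carries no comment saying that every `extraManifests` entry is passed through `tpl` and emitted as a complete object of any kind, applied with whatever rights the installing identity has. Because `tpl` re-evaluates the YAML text, any `{{ ... }}` inside a value is executed as a template against the root context. A header such as `{{/* extraManifests: arbitrary objects, rendered with tpl against the root context; values files must come from a trusted source */}}` would make that explicit for reviewers of values files.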


@ -0,0 +1,14 @@
{{ if .Values.logging.enabled -}}
{{- range $clusterflow := .Values.logging.clusterFlows }}
---
apiVersion: logging.banzaicloud.io/v1beta1
kind: ClusterFlow
metadata:
name: {{ $clusterflow.name }}
namespace: {{ $.Values.logging.controlNamespace | default $.Release.Namespace }}
labels:
{{ include "logging-operator.labels" $ | indent 4 }}
spec:
{{ toYaml $clusterflow.spec | indent 2 }}
{{- end -}}
{{- end }}


@ -0,0 +1,14 @@
{{ if .Values.logging.enabled -}}
{{- range $clusteroutput := .Values.logging.clusterOutputs }}
---
apiVersion: logging.banzaicloud.io/v1beta1
kind: ClusterOutput
metadata:
name: {{ $clusteroutput.name }}
namespace: {{ $.Values.logging.controlNamespace | default $.Release.Namespace }}
labels:
{{ include "logging-operator.labels" $ | indent 4 }}
spec:
{{ toYaml $clusteroutput.spec | indent 2 }}
{{- end -}}
{{- end }}
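Review bot: Since `spec` is copied verbatim from `.Values.logging.clusterOutputs[].spec`, any credential written inline there ends up in the values file and in the stored release, and the template gives no hint to avoid that. A comment at the top, e.g. `{{/* Keep credentials in a Secret and reference them from spec with valueFrom.secretKeyRef instead of inlining them in values */}}`, would steer users to the safer form. `name: {{ $clusteroutput.name }}` is also unquoted and unchecked, so a missing name renders a null `name:` and fails only at apply time; `name: {{ required "clusterOutputs[].name is required" $clusteroutput.name | quote }}` reports it at render time. The ClusterFlow template just before this one has the same `name` line.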


@ -0,0 +1,41 @@
{{- with $.Values.logging.eventTailer }}
{{- if and $.Values.logging.enabled .enabled }}
apiVersion: logging-extensions.banzaicloud.io/v1alpha1
kind: EventTailer
metadata:
name: {{ .name }}
spec:
controlNamespace: {{ $.Values.logging.controlNamespace | default $.Release.Namespace }}
{{- with .image }}
image:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .pvc }}
{{- if .enabled }}
positionVolume:
pvc:
spec:
accessModes: {{ .accessModes }}
resources:
requests:
storage: {{ .storage }}
volumeMode: {{ .volumeMode }}
{{- with .storageClassName }}
storageClassName: {{ . }}
{{- end }}
{{- end }}{{/* end if enabled */}}
{{- end }}{{/* end with pvc */}}
{{- with .workloadMetaOverrides }}
workloadMetaOverrides:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .workloadOverrides }}
workloadOverrides:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .containerOverrides }}
containerOverrides:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}{{/* end if enabled */}}
{{- end }}{{/* end with event-tailer */}}
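Review bot: `accessModes: {{ .accessModes }}` prints the value with Go's default formatting, so (assuming it is a list) two modes come out as `[ReadWriteOnce ReadOnlyMany]`, which YAML reads as a one-element list holding the string `ReadWriteOnce ReadOnlyMany`. It only happens to work for a single mode. `accessModes: {{ toJson .accessModes }}` renders a proper sequence for any length. `storage` and `volumeMode` are rendered without a guard as well, so an enabled `pvc` with either one unset produces null fields.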


@ -0,0 +1,17 @@
{{- if and .Values.logging.enabled (not .Values.logging.fluentbitDisabled) -}}
{{- $fluentbitSpec := .Values.logging.fluentbit }}
{{- if .Values.logging.loggingRef }}
{{- $fluentbitSpec := set .Values.logging.fluentbit "loggingRef" (default .Values.logging.loggingRef .Values.logging.fluentbit.loggingRef) -}}
{{- end }}
apiVersion: logging.banzaicloud.io/v1beta1
kind: FluentbitAgent
metadata:
name: {{ include "logging-operator.releasename" . }}
labels: {{ include "logging-operator.labels" . | nindent 4 }}
{{- if $fluentbitSpec }}
spec: {{- toYaml $fluentbitSpec | nindent 2 }}
{{- else }}
spec: {}
{{- end }}
{{- end }}
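Review bot: The `:=` on the `set` line inside `{{- if .Values.logging.loggingRef }}` declares a second `$fluentbitSpec` that goes out of scope at the `end`; the template still works only because `set` mutates `.Values.logging.fluentbit` in place. Writing it as `{{- $_ := set $fluentbitSpec "loggingRef" (default .Values.logging.loggingRef $fluentbitSpec.loggingRef) -}}` states what actually happens. The block also assumes `.Values.logging.fluentbit` is a map; if it can be null, the first assignment should fall back to `dict` so `set` has something to write into.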


@ -0,0 +1,31 @@
{{- with .Values.logging.hostTailer }}
{{- if and $.Values.logging.enabled .enabled }}
---
apiVersion: logging-extensions.banzaicloud.io/v1alpha1
kind: HostTailer
metadata:
name: {{ .name }}
spec:
{{- with .fileTailers }}
fileTailers:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .systemdTailers }}
systemdTailers:
{{- toYaml . | nindent 4 }}
{{- end }}
enableRecreateWorkloadOnImmutableFieldChange: {{ $.Values.logging.enableRecreateWorkloadOnImmutableFieldChange }}
{{- with .workloadMetaOverrides }}
workloadMetaOverrides:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .workloadOverrides }}
workloadOverrides:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .image }}
image:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,63 @@
{{ if .Values.logging.enabled -}}
apiVersion: logging.banzaicloud.io/v1beta1
kind: Logging
metadata:
name: {{ include "logging-operator.releasename" . }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
spec:
{{- with .Values.logging.loggingRef }}
loggingRef: {{ . }}
{{- end }}
{{- with .Values.logging.flowConfigCheckDisabled }}
flowConfigCheckDisabled: {{ . }}
{{- end }}
{{- with .Values.logging.skipInvalidResources }}
skipInvalidResources: {{ . }}
{{- end }}
{{- with .Values.logging.flowConfigOverride }}
flowConfigOverride: {{ . }}
{{- end }}
{{- if (not .Values.logging.fluentdDisabled) }}
{{- if .Values.logging.fluentd }}
fluentd: {{- toYaml .Values.logging.fluentd | nindent 4 }}
{{- else }}
fluentd: {}
{{- end }}
{{- end }}
{{- with .Values.logging.syslogNG }}
syslogNG: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.logging.defaultFlow }}
defaultFlow: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.logging.errorOutputRef }}
errorOutputRef: {{ . }}
{{- end }}
{{- with .Values.logging.globalFilters }}
globalFilters: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.logging.watchNamespaces }}
watchNamespaces: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.logging.watchNamespaceSelector }}
watchNamespaceSelector: {{- toYaml . | nindent 4 }}
{{- end }}
clusterDomain: {{ .Values.logging.clusterDomain }}
controlNamespace: {{ .Values.logging.controlNamespace | default .Release.Namespace }}
{{- with .Values.logging.allowClusterResourcesFromAllNamespaces }}
allowClusterResourcesFromAllNamespaces: {{ . }}
{{- end }}
{{- with .Values.logging.nodeAgents }}
nodeAgents: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.logging.enableRecreateWorkloadOnImmutableFieldChange }}
enableRecreateWorkloadOnImmutableFieldChange: {{ . }}
{{- end }}
{{- with .Values.logging.enableDockerParserCompatibilityForCRI }}
enableDockerParserCompatibilityForCRI: {{ . }}
{{- end }}
{{- with .Values.logging.configCheck }}
configCheck: {{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}


@ -0,0 +1,17 @@
{{- define "logging-operator.fluentbitagent.aks" -}}
{{- $logPath := "/var/log/azure/kubelet-status.log" -}}
metadata:
name: {{ .Release.Name }}-aks
spec:
disableKubernetesFilter: true
extraVolumeMounts:
- source: {{ $logPath }}
destination: {{ $logPath }}
readOnly: true
inputTail:
Tag: "aks"
Path: {{ $logPath }}
{{- end -}}
{{- if .Values.additionalLoggingSources.aks.enabled }}
{{- include "logging-operator.fluentbitagent" (list . "logging-operator.fluentbitagent.aks") -}}
{{- end }}


@ -0,0 +1,7 @@
{{- define "logging-operator.logging.aks" -}}
metadata:
name: {{ .Release.Name }}-aks
{{- end -}}
{{- if .Values.additionalLoggingSources.aks.enabled }}
{{- include "logging-operator.logging" (list . "logging-operator.logging.aks") -}}
{{- end }}


@ -0,0 +1,18 @@
{{- define "logging-operator.fluentbitagent.eks" -}}
{{- $logPath := "/var/log/messages" -}}
metadata:
name: {{ .Release.Name }}-eks
spec:
disableKubernetesFilter: true
extraVolumeMounts:
- source: {{ $logPath }}
destination: {{ $logPath }}
readOnly: true
inputTail:
Tag: "eks"
Path: {{ $logPath }}
Parser: "syslog"
{{- end -}}
{{- if .Values.additionalLoggingSources.eks.enabled }}
{{- include "logging-operator.fluentbitagent" (list . "logging-operator.fluentbitagent.eks") -}}
{{- end }}


@ -0,0 +1,17 @@
{{- define "logging-operator.logging.eks" -}}
metadata:
name: {{ .Release.Name }}-eks
spec:
fluentd:
{{- if .Values.loggingServiceAccountAnnotations.eks -}}
serviceAccount:
metadata:
annotations:
{{- with .Values.loggingServiceAccountAnnotations.eks }}
{{ toYaml . | indent 8 }}
{{- end }}
{{- end }}
{{- end -}}
{{- if .Values.additionalLoggingSources.eks.enabled }}
{{- include "logging-operator.logging" (list . "logging-operator.logging.eks") -}}
{{- end }}
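Review bot: The `-}}` closing `{{- if .Values.loggingServiceAccountAnnotations.eks -}}` trims the newline and indentation in front of `serviceAccount:`, and the leading `{{-` trims the newline after `fluentd:`, so with annotations set the two keys appear to render on one line as `fluentd:serviceAccount:`. That no longer parses as a nested mapping, and the merge helper feeds this text to `fromYaml`. Dropping the right-hand trim, `{{- if .Values.loggingServiceAccountAnnotations.eks }}`, keeps `serviceAccount:` on its own line. The page has lost the original indentation, so the result should be confirmed with `helm template` and an annotation set.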


@ -0,0 +1,17 @@
{{- define "logging-operator.fluentbitagent.gke" -}}
{{- $logPath := "/var/log/kube-proxy.log" -}}
metadata:
name: {{ .Release.Name }}-gke
spec:
disableKubernetesFilter: true
extraVolumeMounts:
- source: {{ $logPath }}
destination: {{ $logPath }}
readOnly: true
inputTail:
Tag: "gke"
Path: {{ $logPath }}
{{- end -}}
{{- if .Values.additionalLoggingSources.gke.enabled }}
{{- include "logging-operator.fluentbitagent" (list . "logging-operator.fluentbitagent.gke") -}}
{{- end }}


@ -0,0 +1,7 @@
{{- define "logging-operator.logging.gke" -}}
metadata:
name: {{ .Release.Name }}-gke
{{- end -}}
{{- if .Values.additionalLoggingSources.gke.enabled }}
{{- include "logging-operator.logging" (list . "logging-operator.logging.gke") -}}
{{- end }}


@ -0,0 +1,57 @@
{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd") }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-k3s
labels:
{{ include "logging-operator.labels" . | indent 4 }}
data:
fluent-bit.conf: |
[SERVICE]
Flush 1
Grace 5
Daemon Off
Log_Level info
Coro_Stack_Size 24576
Parsers_File parsers.conf
[INPUT]
Name systemd
Tag k3s
Path {{ .Values.systemdLogPath }}
Systemd_Filter _SYSTEMD_UNIT=k3s.service
{{- if .Values.additionalLoggingSources.k3s.stripUnderscores }}
Strip_Underscores On
{{- end }}
Systemd_Filter _SYSTEMD_UNIT=k3s-agent.service
[FILTER]
Name parser
Match *
Key_Name MESSAGE
Parser klog
Reserve_Data On
[FILTER]
Name parser
Match *
Key_Name MESSAGE
Parser rancher
Reserve_Data On
[FILTER]
Name parser
Match *
Key_Name MESSAGE
Parser etcd
Reserve_Data On
[OUTPUT]
Name forward
Match *
Host {{ .Release.Name }}-root-fluentd.{{ .Release.Namespace }}.svc
Port 24240
Retry_Limit False
parsers.conf: |
{{ include "logging-operator.parsers" . | indent 4 }}
{{- end }}
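Review bot: `Path {{ .Values.systemdLogPath }}` in the `systemd` input has no fallback, while the DaemonSet for the same source mounts `.Values.systemdLogPath | default "/var/log/journal"`. With the value unset, the container gets the journal at `/var/log/journal` but the input is rendered with an empty `Path`. Using the same expression here, `Path {{ .Values.systemdLogPath | default "/var/log/journal" }}`, keeps the two in step. The rke2 ConfigMap later in this commit has the same line.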


@ -0,0 +1,110 @@
{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd") }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: "{{ .Release.Name }}-k3s-journald-aggregator"
namespace: "{{ .Release.Namespace }}"
spec:
selector:
matchLabels:
name: {{ .Release.Name }}-k3s-journald-aggregator
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/loggings/k3s/configmap.yaml") . | sha256sum }}
name: "{{ .Release.Name }}-k3s-journald-aggregator"
namespace: "{{ .Release.Namespace }}"
labels:
name: {{ .Release.Name }}-k3s-journald-aggregator
spec:
containers:
- name: fluentbit
image: "{{ template "logging-operator.fluentbitImage" . }}"
{{- if .Values.global.seLinux.enabled }}
securityContext:
seLinuxOptions:
type: rke_logreader_t
{{- end }}
volumeMounts:
- mountPath: /fluent-bit/etc/
name: config
- mountPath: {{ .Values.systemdLogPath | default "/var/log/journal" }}
name: journal
readOnly: true
- mountPath: /etc/machine-id
name: machine-id
readOnly: true
{{- with .Values.tolerations }}
tolerations: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: "{{ .Release.Name }}-k3s-journald-aggregator"
volumes:
- name: config
configMap:
name: "{{ .Release.Name }}-k3s"
- name: journal
hostPath:
path: {{ .Values.systemdLogPath | default "/var/log/journal" }}
- name: machine-id
hostPath:
path: /etc/machine-id
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ .Release.Name }}-k3s-journald-aggregator"
namespace: "{{ .Release.Namespace }}"
{{- if .Values.global.cattle.psp.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: "{{ .Release.Name }}-k3s-journald-aggregator"
rules:
- apiGroups:
- policy
resourceNames:
- "{{ .Release.Name }}-k3s-journald-aggregator"
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "{{ .Release.Name }}-k3s-journald-aggregator"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "{{ .Release.Name }}-k3s-journald-aggregator"
subjects:
- kind: ServiceAccount
name: "{{ .Release.Name }}-k3s-journald-aggregator"
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: "{{ .Release.Name }}-k3s-journald-aggregator"
namespace: "{{ .Release.Namespace }}"
spec:
allowPrivilegeEscalation: false
fsGroup:
rule: RunAsAny
readOnlyRootFilesystem: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- configMap
- emptyDir
- secret
- hostPath
{{- end }}
{{- end }}
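Review bot: The PodSecurityPolicy at the end of this file allows the `hostPath` volume type without an `allowedHostPaths` list, so it permits mounting any host directory, writable, although the DaemonSet only mounts the journal directory and `/etc/machine-id`, both read-only. The rke aggregator's policy in this commit does restrict the paths. Adding the list here keeps the policy in line with what the pod actually mounts.

```yaml
spec:
  allowPrivilegeEscalation: false
  allowedHostPaths:
    - pathPrefix: {{ .Values.systemdLogPath | default "/var/log/journal" }}
      readOnly: true
    - pathPrefix: /etc/machine-id
      readOnly: true
  # … unchanged: fsGroup through volumes …
```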


@ -0,0 +1,18 @@
{{- define "logging-operator.fluentbitagent.k3s-openrc" -}}
{{- $logPath := "/var/log/k3s.log" -}}
metadata:
name: {{ .Release.Name }}-k3s
spec:
disableKubernetesFilter: true
extraVolumeMounts:
- source: {{ $logPath }}
destination: {{ $logPath }}
readOnly: true
inputTail:
Tag: "k3s"
Path: {{ $logPath }}
Path_Key: filename
{{- end -}}
{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}}
{{- include "logging-operator.fluentbitagent" (list . "logging-operator.fluentbitagent.k3s-openrc") -}}
{{- end }}


@ -0,0 +1,7 @@
{{- define "logging-operator.logging.k3s-openrc" -}}
metadata:
name: {{ .Release.Name }}-k3s
{{- end -}}
{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}}
{{- include "logging-operator.logging" (list . "logging-operator.logging.k3s-openrc") -}}
{{- end }}


@ -0,0 +1,21 @@
{{- define "logging-operator.fluentbitagent.kube-audit" -}}
metadata:
name: {{ .Release.Name }}-kube-audit
spec:
disableKubernetesFilter: true
extraVolumeMounts:
- source: {{ template "kubeAuditPathPrefix" . }}
destination: "/kube-audit-logs"
readOnly: true
inputTail:
Tag: {{ .Values.additionalLoggingSources.kubeAudit.fluentbit.logTag }}
Path: /kube-audit-logs/{{ template "kubeAuditFilename" . }}
Parser: json
{{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations) (.Values.additionalLoggingSources.kubeAudit.fluentbit.tolerations)) }}
tolerations: {{- toYaml . | nindent 6 }}
{{- end }}
nodeSelector: {{ include "controlplaneSelector" . | nindent 6 }}
{{- end -}}
{{- if .Values.additionalLoggingSources.kubeAudit.enabled }}
{{- include "logging-operator.fluentbitagent" (list . "logging-operator.fluentbitagent.kube-audit") -}}
{{- end }}


@ -0,0 +1,11 @@
{{- define "logging-operator.logging.kube-audit" -}}
metadata:
name: {{ .Release.Name }}-kube-audit
spec:
{{- if .Values.additionalLoggingSources.kubeAudit.loggingRef }}
loggingRef: {{ .Values.additionalLoggingSources.kubeAudit.loggingRef }}
{{- end }}
{{- end -}}
{{- if .Values.additionalLoggingSources.kubeAudit.enabled }}
{{- include "logging-operator.logging" (list . "logging-operator.logging.kube-audit") -}}
{{- end }}


@ -0,0 +1,29 @@
{{- if .Values.additionalLoggingSources.rke.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-rke
labels:
{{ include "logging-operator.labels" . | indent 4 }}
data:
fluent-bit.conf: |
[SERVICE]
Log_Level {{ .Values.additionalLoggingSources.rke.fluentbit.log_level }}
Parsers_File parsers.conf
[INPUT]
Tag rke
Name tail
Path_Key filename
Parser docker
DB /tail-db/tail-containers-state.db
Mem_Buf_Limit {{ .Values.additionalLoggingSources.rke.fluentbit.mem_buffer_limit }}
Path /var/lib/rancher/rke/log/*.log
[OUTPUT]
Name forward
Match *
Host {{ .Release.Name }}-root-fluentd.{{ .Release.Namespace }}.svc
Port 24240
Retry_Limit False
{{- end }}


@ -0,0 +1,122 @@
{{- if .Values.additionalLoggingSources.rke.enabled }}
{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: "{{ .Release.Name }}-rke-aggregator"
namespace: "{{ .Release.Namespace }}"
spec:
selector:
matchLabels:
name: {{ .Release.Name }}-rke-aggregator
template:
metadata:
name: "{{ .Release.Name }}-rke-aggregator"
namespace: "{{ .Release.Namespace }}"
labels:
name: {{ .Release.Name }}-rke-aggregator
spec:
containers:
- name: fluentbit
image: "{{ template "logging-operator.fluentbitImage" . }}"
volumeMounts:
- mountPath: /var/lib/rancher/rke/log/
name: indir
- mountPath: {{ $containers }}
name: containers
- mountPath: /tail-db
name: positiondb
- mountPath: /fluent-bit/etc/fluent-bit.conf
name: config
subPath: fluent-bit.conf
{{- if .Values.global.seLinux.enabled }}
securityContext:
seLinuxOptions:
type: rke_logreader_t
{{- end }}
volumes:
- name: indir
hostPath:
path: /var/lib/rancher/rke/log/
type: DirectoryOrCreate
- name: containers
hostPath:
path: {{ $containers }}
type: DirectoryOrCreate
- name: positiondb
emptyDir: {}
- name: config
configMap:
name: "{{ .Release.Name }}-rke"
serviceAccountName: "{{ .Release.Name }}-rke-aggregator"
{{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }}
{{- with $total_tolerations }}
tolerations: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 8 }}
{{- end }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ .Release.Name }}-rke-aggregator"
namespace: "{{ .Release.Namespace }}"
{{- if .Values.global.cattle.psp.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: "{{ .Release.Name }}-rke-aggregator"
rules:
- apiGroups:
- policy
resourceNames:
- "{{ .Release.Name }}-rke-aggregator"
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "{{ .Release.Name }}-rke-aggregator"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "{{ .Release.Name }}-rke-aggregator"
subjects:
- kind: ServiceAccount
name: "{{ .Release.Name }}-rke-aggregator"
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: "{{ .Release.Name }}-rke-aggregator"
namespace: "{{ .Release.Namespace }}"
spec:
allowPrivilegeEscalation: false
allowedHostPaths:
- pathPrefix: {{ $containers }}
readOnly: false
- pathPrefix: /var/lib/rancher/rke/log/
readOnly: false
- pathPrefix: /var/lib/rancher/logging/
readOnly: false
fsGroup:
rule: RunAsAny
readOnlyRootFilesystem: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- configMap
- emptyDir
- secret
- hostPath
{{- end }}
{{- end }}
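Review bot: The `indir` and `containers` hostPath mounts carry no `readOnly: true`, and the PodSecurityPolicy below lists the same prefixes with `readOnly: false`, although the tail input on this page only reads from them and keeps its position DB on the `emptyDir` at `/tail-db`. Adding `readOnly: true` to both `volumeMounts` entries and setting the matching `allowedHostPaths` entries to `readOnly: true` would keep a compromised log reader from writing under the Docker root or the RKE log directory. `allowedHostPaths` also admits `/var/lib/rancher/logging/`, which nothing in this DaemonSet mounts; if it is unused, drop it. Whether anything else relies on write access through the `containers` mount cannot be told from here.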


@ -0,0 +1,69 @@
{{- if .Values.additionalLoggingSources.rke2.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-rke2
labels:
{{ include "logging-operator.labels" . | indent 4 }}
data:
fluent-bit.conf: |
[SERVICE]
Flush 1
Grace 5
Daemon Off
Log_Level info
Coro_Stack_Size 24576
Parsers_File parsers.conf
[INPUT]
Name systemd
Tag rke2
Path {{ .Values.systemdLogPath }}
Systemd_Filter _SYSTEMD_UNIT=rke2-server.service
Systemd_Filter _SYSTEMD_UNIT=rke2-agent.service
{{- if .Values.additionalLoggingSources.rke2.stripUnderscores }}
Strip_Underscores On
{{- end }}
[INPUT]
Name tail
Tag rke2
Path /var/lib/rancher/rke2/agent/logs/kubelet.log
[FILTER]
Name parser
Match *
Key_Name log
Parser klog
Reserve_Data On
[FILTER]
Name parser
Match *
Key_Name MESSAGE
Parser klog
Reserve_Data On
[FILTER]
Name parser
Match *
Key_Name MESSAGE
Parser rancher
Reserve_Data On
[FILTER]
Name parser
Match *
Key_Name MESSAGE
Parser etcd
Reserve_Data On
[OUTPUT]
Name forward
Match *
Host {{ .Release.Name }}-root-fluentd.{{ .Release.Namespace }}.svc
Port 24240
Retry_Limit False
parsers.conf: |
{{ include "logging-operator.parsers" . | indent 4 }}
{{- end }}
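Review bot: The systemd input's `Path {{ .Values.systemdLogPath }}` has no fallback, while the DaemonSet for this source mounts `{{ .Values.systemdLogPath | default "/var/log/journal" }}`. If `systemdLogPath` is set to an empty value, the journal is mounted at the default location but Fluent Bit is handed an empty path, so the rke2-server and rke2-agent unit logs may go missing from the pipeline without any error. Using the same expression in both places keeps them aligned: `Path {{ .Values.systemdLogPath | default "/var/log/journal" }}`.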


@ -0,0 +1,116 @@
{{- if .Values.additionalLoggingSources.rke2.enabled }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: "{{ .Release.Name }}-rke2-journald-aggregator"
namespace: "{{ .Release.Namespace }}"
spec:
selector:
matchLabels:
name: {{ .Release.Name }}-rke2-journald-aggregator
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/loggings/rke2/configmap.yaml") . | sha256sum }}
name: "{{ .Release.Name }}-rke2-journald-aggregator"
namespace: "{{ .Release.Namespace }}"
labels:
name: {{ .Release.Name }}-rke2-journald-aggregator
spec:
containers:
- name: fluentbit
image: "{{ template "logging-operator.fluentbitImage" . }}"
{{- if .Values.global.seLinux.enabled }}
securityContext:
seLinuxOptions:
type: rke_logreader_t
{{- end }}
volumeMounts:
- mountPath: /fluent-bit/etc/
name: config
- mountPath: {{ .Values.systemdLogPath | default "/var/log/journal" }}
name: journal
readOnly: true
- mountPath: "/var/lib/rancher/rke2/agent/logs"
name: kubelet
readOnly: true
- mountPath: /etc/machine-id
name: machine-id
readOnly: true
{{- with .Values.tolerations }}
tolerations: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: "{{ .Release.Name }}-rke2-journald-aggregator"
volumes:
- name: config
configMap:
name: "{{ .Release.Name }}-rke2"
- name: journal
hostPath:
path: {{ .Values.systemdLogPath | default "/var/log/journal" }}
- name: kubelet
hostPath:
path: "/var/lib/rancher/rke2/agent/logs"
- name: machine-id
hostPath:
path: /etc/machine-id
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ .Release.Name }}-rke2-journald-aggregator"
namespace: "{{ .Release.Namespace }}"
{{- if .Values.global.cattle.psp.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: "{{ .Release.Name }}-rke2-journald-aggregator"
rules:
- apiGroups:
- policy
resourceNames:
- "{{ .Release.Name }}-rke2-journald-aggregator"
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "{{ .Release.Name }}-rke2-journald-aggregator"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "{{ .Release.Name }}-rke2-journald-aggregator"
subjects:
- kind: ServiceAccount
name: "{{ .Release.Name }}-rke2-journald-aggregator"
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: "{{ .Release.Name }}-rke2-journald-aggregator"
namespace: "{{ .Release.Namespace }}"
spec:
allowPrivilegeEscalation: false
fsGroup:
rule: RunAsAny
readOnlyRootFilesystem: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- configMap
- emptyDir
- secret
- hostPath
{{- end }}
{{- end }}
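Review bot: The fluentbit container only gets a `securityContext` when `global.seLinux.enabled` is set, so `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` exist only in the PodSecurityPolicy at the end of this file. The chart index on this page annotates the release for Kubernetes `>= 1.28.0-0`, where the `policy/v1beta1` PodSecurityPolicy API is no longer served. On supported clusters nothing therefore applies those two restrictions to a pod that mounts the host journal, the kubelet log directory and `/etc/machine-id`. Setting them directly on the container, with the SELinux type kept conditional, carries the policy's intent into the pod spec; it should be confirmed that the image still starts with a read-only root filesystem. The rke aggregator template earlier on the page appears to follow the same pattern.

```yaml
        - name: fluentbit
          image: "{{ template "logging-operator.fluentbitImage" . }}"
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            {{- if .Values.global.seLinux.enabled }}
            seLinuxOptions:
              type: rke_logreader_t
            {{- end }}
          # … unchanged: volumeMounts, tolerations, nodeSelector, serviceAccountName, volumes …
```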


@ -0,0 +1,29 @@
{{- define "logging-operator.fluentbitagent.root" -}}
{{- $containerLogPath := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }}
metadata:
name: "{{ .Release.Name }}-root"
spec:
{{- if .Values.global.dockerRootDirectory }}
mountPath: {{ $containerLogPath }}
extraVolumeMounts:
- source: {{ $containerLogPath }}
destination: {{ $containerLogPath }}
readOnly: true
{{- end }}
{{- if (include "requireFilterKubernetes" .) }}
filterKubernetes:
{{- if .Values.fluentbit.filterKubernetes.Merge_Log }}
Merge_Log: "{{ .Values.fluentbit.filterKubernetes.Merge_Log }}"
{{- end }}
{{- if .Values.fluentbit.filterKubernetes.Merge_Log_Key }}
Merge_Log_Key: "{{ .Values.fluentbit.filterKubernetes.Merge_Log_Key }}"
{{- end }}
{{- if .Values.fluentbit.filterKubernetes.Merge_Log_Trim }}
Merge_Log_Trim: "{{ .Values.fluentbit.filterKubernetes.Merge_Log_Trim }}"
{{- end }}
{{- if .Values.fluentbit.filterKubernetes.Merge_Parser }}
Merge_Parser: "{{ .Values.fluentbit.filterKubernetes.Merge_Parser }}"
{{- end }}
{{- end }}
{{- end -}}
{{- include "logging-operator.fluentbitagent" (list . "logging-operator.fluentbitagent.root") -}}


@ -0,0 +1,67 @@
{{- define "logging-operator.logging.root" -}}
metadata:
name: "{{ .Release.Name }}-root"
spec:
{{- if (include "windowsEnabled" .) }}
nodeAgents:
- name: win-agent
profile: windows
nodeAgentFluentbit:
daemonSet:
spec:
template:
spec:
containers:
- image: {{ template "system_default_registry" . }}{{ .Values.images.nodeagent_fluentbit.repository }}:{{ .Values.images.nodeagent_fluentbit.tag }}
name: fluent-bit
tls:
enabled: {{ .Values.nodeAgents.tls.enabled | default false }}
{{- if .Values.additionalLoggingSources.rke.enabled }}
- name: win-agent-rke
profile: windows
nodeAgentFluentbit:
filterKubernetes:
Kube_Tag_Prefix: "{{ template "windowsKubernetesFilter" . }}.var.lib.rancher.rke.log."
inputTail:
Path: "{{ template "windowsPathPrefix" . }}/var/lib/rancher/rke/log"
{{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }}
Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size | toString }}
{{- end }}
{{- if .Values.fluentbit.inputTail.Buffer_Max_Size }}
Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size | toString }}
{{- end }}
{{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }}
Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit | toString }}
{{- end }}
{{- if .Values.fluentbit.inputTail.Multiline_Flush }}
Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush | toString | quote }}
{{- end }}
{{- if .Values.fluentbit.inputTail.Skip_Long_Lines }}
Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines | toString | quote }}
{{- end }}
extraVolumeMounts:
- source: "{{ template "windowsInputTailMount" . }}/var/lib/rancher/rke/log"
destination: "{{ template "windowsInputTailMount" . }}/var/lib/rancher/rke/log"
readOnly: true
daemonSet:
spec:
template:
spec:
containers:
- image: "{{ template "system_default_registry" . }}{{ .Values.images.nodeagent_fluentbit.repository }}:{{ .Values.images.nodeagent_fluentbit.tag }}"
name: fluent-bit
tls:
enabled: {{ .Values.nodeAgents.tls.enabled | default false }}
{{- end }}
{{- end }}
fluentd:
{{- if .Values.loggingServiceAccountAnnotations.root }}
serviceAccount:
metadata:
annotations:
{{- with .Values.loggingServiceAccountAnnotations.root }}
{{ toYaml . | indent 8 }}
{{- end }}
{{- end -}}
{{- end -}}
{{- include "logging-operator.logging" (list . "logging-operator.logging.root") -}}


@ -0,0 +1,20 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "logging-operator.fullname" . }}
namespace: {{ include "logging-operator.namespace" . }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
spec:
type: {{ .Values.http.service.type }}
{{- with .Values.http.service.clusterIP }}
clusterIP: {{ . }}
{{- end }}
ports:
- port: {{ .Values.http.port }}
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: {{ include "logging-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}


@ -0,0 +1,30 @@
{{ if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.monitoring.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "logging-operator.fullname" . }}
namespace: {{ include "logging-operator.namespace" . }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
{{- with .Values.monitoring.serviceMonitor.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{ include "logging-operator.labels" . | indent 6 }}
endpoints:
- port: http
path: /metrics
{{- with .Values.monitoring.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.monitoring.serviceMonitor.relabelings }}
relabelings:
{{- toYaml . | nindent 4 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ include "logging-operator.namespace" . }}
{{- end }}


@ -0,0 +1,14 @@
{{- if .Values.rbac.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "logging-operator.fullname" . }}
namespace: {{ include "logging-operator.namespace" . }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
{{- end }}


@ -0,0 +1,53 @@
{{ if .Values.testReceiver.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "logging-operator.releasename" . }}-test-receiver
namespace: {{ include "logging-operator.namespace" . }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.testReceiver.port }}
targetPort: receiver
protocol: TCP
name: receiver
selector:
app.kubernetes.io/name: {{ include "logging-operator.releasename" . }}-test-receiver
app.kubernetes.io/instance: {{ .Release.Name }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "logging-operator.releasename" . }}-test-receiver
namespace: {{ include "logging-operator.namespace" . }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "logging-operator.releasename" . }}-test-receiver
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "logging-operator.releasename" . }}-test-receiver
app.kubernetes.io/instance: {{ .Release.Name }}
annotations:
fluentbit.io/exclude: "true"
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.testReceiver.image }}"
args:
{{- range .Values.testReceiver.args }}
- {{ . }}
{{- end }}
imagePullPolicy: {{ .Values.testReceiver.pullPolicy }}
resources:
{{- toYaml .Values.testReceiver.resources | nindent 12 }}
ports:
- name: receiver
containerPort: {{ .Values.testReceiver.port }}
{{- end }}
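Review bot: The receiver image is rendered as `image: "{{ .Values.testReceiver.image }}"`, and the default in values.yaml is `fluent/fluent-bit` with no tag or digest. Enabling `testReceiver` therefore pulls whatever the untagged reference resolves to, and it bypasses the `system_default_registry` prefix that the node-agent image in this chart uses. That makes the deployed image unreproducible and is likely to fail on clusters that only reach a private registry mirror. A pinned default such as `image: rancher/mirrored-fluent-fluent-bit:3.1.8` (the repository and tag already listed under `images.fluentbit`), rendered as `image: "{{ template "system_default_registry" . }}{{ .Values.testReceiver.image }}"`, would address both.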


@ -0,0 +1,39 @@
{{- if .Values.rbac.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "logging-operator.fullname" . }}-edit
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups:
- logging.banzaicloud.io
resources:
- flows
- outputs
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- logging.banzaicloud.io
resources:
- syslogngflows
- syslogngoutputs
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
{{- end }}


@ -0,0 +1,35 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "logging-admin"
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups:
- "logging.banzaicloud.io"
resources:
- flows
- outputs
verbs:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "logging-view"
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups:
- "logging.banzaicloud.io"
resources:
- flows
- outputs
- clusterflows
- clusteroutputs
verbs:
- get
- list
- watch
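Review bot: The `logging-admin` rule uses the wildcard verb `"*"` on `flows` and `outputs` and is aggregated into the built-in `admin` role, so every namespace admin implicitly gains any verb the API server accepts for those resources, now or later. The `-edit` ClusterRole added in this same commit spells its verbs out, and listing them here the same way keeps the grant reviewable. Unlike that role, this file is not wrapped in `{{- if .Values.rbac.enabled }}`, which is worth confirming as intended.

```yaml
  name: "logging-admin"
  # … unchanged: labels, apiGroups and resources of the logging-admin rule …
    verbs:
      - create
      - delete
      - deletecollection
      - get
      - list
      - patch
      - update
      - watch
```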


@ -0,0 +1,29 @@
#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
# {{- $found := dict -}}
# {{- set $found "logging-extensions.banzaicloud.io/v1alpha1/EventTailer" false -}}
# {{- set $found "logging-extensions.banzaicloud.io/v1alpha1/HostTailer" false -}}
# {{- set $found "logging.banzaicloud.io/v1alpha1/ClusterFlow" false -}}
# {{- set $found "logging.banzaicloud.io/v1alpha1/ClusterOutput" false -}}
# {{- set $found "logging.banzaicloud.io/v1alpha1/Flow" false -}}
# {{- set $found "logging.banzaicloud.io/v1beta1/FluentbitAgent" false -}}
# {{- set $found "logging.banzaicloud.io/v1beta1/FluentdConfig" false -}}
# {{- set $found "logging.banzaicloud.io/v1beta1/LoggingRoute" false -}}
# {{- set $found "logging.banzaicloud.io/v1alpha1/Logging" false -}}
# {{- set $found "logging.banzaicloud.io/v1beta1/NodeAgent" false -}}
# {{- set $found "logging.banzaicloud.io/v1alpha1/Output" false -}}
# {{- set $found "logging.banzaicloud.io/v1beta1/SyslogNGClusterFlow" false -}}
# {{- set $found "logging.banzaicloud.io/v1beta1/SyslogNGClusterOutput" false -}}
# {{- set $found "logging.banzaicloud.io/v1beta1/SyslogNGConfig" false -}}
# {{- set $found "logging.banzaicloud.io/v1beta1/SyslogNGFlow" false -}}
# {{- set $found "logging.banzaicloud.io/v1beta1/SyslogNGOutput" false -}}
# {{- range .Capabilities.APIVersions -}}
# {{- if hasKey $found (toString .) -}}
# {{- set $found (toString .) true -}}
# {{- end -}}
# {{- end -}}
# {{- range $_, $exists := $found -}}
# {{- if (eq $exists false) -}}
# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
# {{- end -}}
# {{- end -}}
#{{- end -}}
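Review bot: Every line of this validation template starts with `#`, which reads as if the CRD check were commented out, and nothing in the file says otherwise. Helm evaluates template actions before the output is parsed as YAML, so the `lookup`, `range` and `required` calls still run and the `#` only turns whatever is rendered into a YAML comment. A first line such as `{{- /* The leading '#' only comments the rendered output; the actions below still execute. */ -}}` would stop a later maintainer from treating the file as dead code. The two validation files that follow (dockerRootDirectory and PSP) use the same convention and would benefit from the same remark.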


@ -0,0 +1,5 @@
#{{- if .Values.global.dockerRootDirectory }}
#{{- if or (hasSuffix "/containers" .Values.global.dockerRootDirectory) (hasSuffix "/" .Values.global.dockerRootDirectory) }}
#{{- required "global.dockerRootDirectory must not end with suffix: '/' or '/containers'" "" -}}
#{{- end }}
#{{- end }}


@ -0,0 +1,7 @@
#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
#{{- if .Values.global.cattle.psp.enabled }}
#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}}
#{{- end }}
#{{- end }}
#{{- end }}


@ -0,0 +1,24 @@
nameOverride: example
# given we use `nameOverride: example` if testReceiver is enabled we can send http metrics to http://example-test-receiver:8080
testReceiver:
enabled: true
logging:
enabled: true
clusterFlows:
- name: all
spec:
match:
- select: {}
globalOutputRefs: ["http"]
clusterOutputs:
- name: http
spec:
http:
endpoint: http://example-test-receiver:8080
content_type: application/json
buffer:
type: memory
timekey: 1s
timekey_wait: 1s


@ -0,0 +1,495 @@
# Default values for logging-operator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: rancher/mirrored-kube-logging-logging-operator
tag: 4.10.0
pullPolicy: IfNotPresent
env: []
volumes: []
volumeMounts: []
extraArgs:
- -enable-leader-election=true
imagePullSecrets: []
# -- A name in place of the chart name for `app:` labels.
nameOverride: ""
# -- A name to substitute for the full names of resources.
fullnameOverride: ""
# -- A namespace override for the app.
namespaceOverride: ""
# -- Define annotations for logging-operator pods.
annotations: {}
# -- Deploy CRDs used by Logging Operator.
createCustomResource: false
http:
# -- HTTP listen port number.
port: 8080
# -- Service definition for query http service.
service:
type: ClusterIP
clusterIP: None
# Annotations to query http service
annotations: {}
# Labels to query http service
labels: {}
rbac:
# -- Create rbac service account and roles.
enabled: true
# specify service account manually
# serviceAccountName: custom
monitoring:
serviceMonitor:
# -- Create a Prometheus Operator ServiceMonitor object.
enabled: false
additionalLabels: {}
metricRelabelings: []
relabelings: []
# -- Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/)
## SecurityContext holds pod-level security attributes and common container settings.
## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
podSecurityContext: {}
# runAsNonRoot: true
# runAsUser: 1000
# fsGroup: 2000
# -- Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/)
securityContext: {}
# allowPrivilegeEscalation: false
# readOnlyRootFilesystem: true
# capabilities:
# drop: ["ALL"]
# -- Operator priorityClassName.
priorityClassName: {}
serviceAccount:
# -- Define annotations for logging-operator ServiceAccount.
annotations: {}
# -- CPU/Memory resource requests/limits
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
# -- Node Tolerations
tolerations: []
# -- Node Affinity
affinity: {}
# -- Define which Nodes the Pods are scheduled on.
podLabels: {}
# Logging resources configuration.
logging:
# -- Logging resources are disabled by default
enabled: false
# -- Reference to the logging system. Each of the loggingRefs can manage a 1bit daemonset and a fluentd statefulset.
loggingRef: ""
# -- Disable configuration check before applying new fluentd configuration.
flowConfigCheckDisabled: false
# -- Whether to skip invalid Flow and ClusterFlow resources
skipInvalidResources: false
# -- Override generated config. This is a raw configuration string for troubleshooting purposes.
flowConfigOverride: ""
# -- Flag to disable fluentbit completely
fluentbitDisabled: false
# -- Fluent-bit configurations https://kube-logging.github.io/docs/configuration/crds/v1beta1/fluentbit_types/
fluentbit: {}
# -- Flag to disable fluentd completely
fluentdDisabled: false
# -- Fluentd configurations https://kube-logging.github.io/docs/configuration/crds/v1beta1/fluentd_types/
fluentd: {}
# 20Gi persistent storage is configured for fluentd by default.
# Here is an example, on how to override it:
# bufferStorageVolume:
# pvc:
# spec:
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 40Gi
# -- Syslog-NG statefulset configuration
syslogNG: {}
# -- Default flow for unmatched logs. This Flow configuration collects all logs that didnt match any other Flow.
defaultFlow: {}
# -- GlobalOutput name to flush ERROR events to
errorOutputRef: ""
# -- Global filters to apply on logs before any match or filter mechanism.
globalFilters: []
# -- Limit namespaces to watch Flow and Output custom resources.
watchNamespaces: []
# -- Limit namespaces to watch Flow and Output custom resources.
watchNamespaceSelector: {}
# -- Cluster domain name to be used when templating URLs to services
clusterDomain: "cluster.local."
# -- Namespace for cluster wide configuration resources like ClusterFlow and ClusterOutput. This should be a protected namespace from regular users. Resources like fluentbit and fluentd will run in this namespace as well.
controlNamespace: ""
# -- Allow configuration of cluster resources from any namespace. Mutually exclusive with ControlNamespace restriction of Cluster resources
allowClusterResourcesFromAllNamespaces: false
# -- NodeAgent Configuration
nodeAgents: {}
# - name: win-agent
# profile: windows
# nodeAgentFluentbit:
# daemonSet:
# spec:
# template:
# spec:
# containers:
# - image: banzaicloud/fluentbit:1.9.5
# name: fluent-bit
# tls:
# enabled: false
# - name: linux-agent
# profile: linux
# nodeAgentFluentbit:
# metrics:
# prometheusAnnotations: true
# serviceMonitor: false
# tls:
# enabled: false
# -- configCheck provides possibility for timeout-based configuration checks https://kube-logging.dev/docs/whats-new/#timeout-based-configuration-checks
configCheck: {}
# -- EnableRecreateWorkloadOnImmutableFieldChange enables the operator to recreate the fluentbit daemonset and the fluentd statefulset (and possibly other resource in the future) in case there is a change in an immutable field that otherwise couldnt be managed with a simple update.
enableRecreateWorkloadOnImmutableFieldChange: false
# -- EnableDockerParserCompatibilityForCRI enables Docker log format compatibility for CRI workloads.
enableDockerParserCompatibilityForCRI: false
# -- ClusterFlows to deploy
clusterFlows: []
# -- ClusterOutputs to deploy
clusterOutputs: []
# Send all pod logs to kafka
# clusterFlows:
# - name: all
# spec:
# match:
# - select: {}
# globalOutputRefs: ["kafka"]
# clusterOutputs:
# - name: kafka
# spec:
# kafka:
# brokers: kafka-headless.kafka.svc.cluster.local:29092
# format:
# type: json
# default_topic: topic
# EventTailer config
eventTailer:
enabled: false
name: event-tailer
image:
# -- repository of eventTailer image
repository:
# -- tag of eventTailer image
tag:
# -- pullPolicy of eventTailer image
pullPolicy:
# -- imagePullSecrets of eventTailer image
imagePullSecrets: []
pvc:
# -- enable pvc for
enabled: false
# -- storage class for event tailer pvc
accessModes:
- ReadWriteOnce
# -- storage class for event tailer pvc
volumeMode: Filesystem
# -- storage for event tailer pvc
storage: 1Gi
# -- storage class for event tailer pvc
storageClassName:
# -- workloadMetaOverrides
workloadMetaOverrides:
# -- workloadOverrides
workloadOverrides:
# -- containerOverrides
containerOverrides:
hostTailer:
# -- HostTailer
enabled: false
# -- name of HostTailer
name: hosttailer
image:
# -- repository of eventTailer image
repository:
# -- tag of eventTailer image
tag:
# -- pullPolicy of eventTailer image
pullPolicy:
# -- imagePullSecrets of eventTailer image
imagePullSecrets: []
# -- workloadMetaOverrides of HostTailer
workloadMetaOverrides:
# -- workloadOverrides of HostTailer
workloadOverrides:
# -- configure fileTailers of HostTailer
# example:
# - name: sample-file
# path: /var/log/sample-file
# disabled: false
# buffer_max_size:
# buffer_chunk_size:
# skip_long_lines:
# read_from_head: false
# containerOverrides:
# image:
fileTailers: []
# -- configure systemdTailers of HostTailer
# example:
# - name: system-sample
# disabled: false
# systemdFilter: kubelet.service
# maxEntries: 20
# containerOverrides:
# image:
systemdTailers: []
testReceiver:
enabled: false
image: fluent/fluent-bit
pullPolicy: IfNotPresent
port: 8080
# args: ["-i", "http", "-p", "port=8080", "-o", "stdout"]
# resources:
# limits:
# cpu: 100m
# memory: 50Mi
# requests:
# cpu: 20m
# memory: 25Mi
# Service definition for query http service
service:
type: ClusterIP
clusterIP: None
# Annotations to query http service
annotations: {}
# Labels to query http service
labels: {}
# Logging CR specific serviceAccount annotations
loggingServiceAccountAnnotations: {}
## Syntax ##
# <logging-name>:
# <key>: <value>
#
## Example ##
#
# root:
# eks.amazonaws.com/role-arn: <RoleARN>
#
## Result - added to the Logging resource ##
#
# spec:
# fluentd:
# serviceAccount:
# metadata:
# annotations:
# eks.amazonaws.com/role-arn: arn:aws:iam::1234567890:role/my-iam-role
#
###################################
# Rancher Logging Operator Values #
###################################
# Enable debug to use fluent-bit images that allow exec
debug: false
# Disable persistent volumes for buffers
disablePvc: true
# If your additional logging sources collect logs from systemd configure the systemd log path here
systemdLogPath: "/run/log/journal"
global:
cattle:
systemDefaultRegistry: ""
# Uncomment the below two lines to either enable or disable Windows logging. If this chart is
# installed via the Rancher UI, it will set this value to "true" if the cluster is a Windows
# cluster. In that scenario, if you would like to disable Windows logging on Windows clusters,
# set the value below to "false".
# windows:
# enabled: true
psp:
enabled: false
# Change the "dockerRootDirectory" if the default Docker directory has changed.
dockerRootDirectory: ""
rkeWindowsPathPrefix: "c:\\"
seLinux:
enabled: false
images:
config_reloader:
repository: rancher/mirrored-kube-logging-config-reloader
tag: v0.0.6
fluentbit:
repository: rancher/mirrored-fluent-fluent-bit
tag: 3.1.8
nodeagent_fluentbit:
os: "windows"
repository: rancher/fluent-bit
tag: 3.1.8
fluentbit_debug:
repository: rancher/mirrored-fluent-fluent-bit
tag: 3.1.8-debug
fluentd:
repository: rancher/mirrored-kube-logging-fluentd
tag: v1.16-4.10-full
additionalLoggingSources:
rke:
enabled: false
fluentbit:
log_level: "info"
mem_buffer_limit: "5MB"
rke2:
enabled: false
stripUnderscores: false
k3s:
enabled: false
container_engine: "systemd"
stripUnderscores: false
aks:
enabled: false
eks:
enabled: false
gke:
enabled: false
kubeAudit:
auditFilename: ""
enabled: false
pathPrefix: ""
fluentbit:
logTag: kube-audit
tolerations:
- key: node-role.kubernetes.io/control-plane
value: "true"
effect: NoSchedule
- key: node-role.kubernetes.io/etcd
value: "true"
effect: NoExecute
# configures node agent options for windows node agents
nodeAgents:
tls:
enabled: false
# These settings apply to every Logging CR, including vendor Logging CRs enabled in "additionalLoggingSources".
# Changing these affects every Logging CR installed.
fluentd:
bufferStorageVolume: {}
livenessProbe:
tcpSocket:
port: 24240
initialDelaySeconds: 30
periodSeconds: 15
nodeSelector: {}
resources: {}
tolerations: {}
env: []
logLevel: {}
metrics:
# Ref: https://kube-logging.dev/docs/operation/logging-operator-monitoring/
serviceMonitor: false
prometheusRules: false
fluentbit:
inputTail:
Buffer_Chunk_Size: ""
Buffer_Max_Size: ""
Mem_Buf_Limit: ""
Multiline_Flush: ""
Skip_Long_Lines: ""
resources: {}
tolerations:
- key: node-role.kubernetes.io/control-plane
value: "true"
effect: NoSchedule
- key: node-role.kubernetes.io/etcd
value: "true"
effect: NoExecute
filterKubernetes:
Merge_Log: ""
Merge_Log_Key: ""
Merge_Log_Trim: ""
Merge_Parser: ""
metrics:
# Ref: https://kube-logging.dev/docs/operation/logging-operator-monitoring/
serviceMonitor: false
prometheusRules: false
# -- Extra manifests to deploy as an array
extraManifests: []
# - apiVersion: v1
# kind: ConfigMap
# metadata:
# labels:
# name: extra-manifest
# data:
# extra-data: "value"
# DO NOT SET THIS UNLESS YOU KNOW WHAT YOU ARE DOING.
# Setting fields on this object can break rancher logging or cause unexpected behavior. It is intended to be used if you
# need to configure functionality not exposed by rancher logging. It is highly recommended you check the `app-readme.md`
# for the functionality you need before modifying this object.
# this object will be merged with every logging CR created by this chart. Any fields that collide with fields from the
# settings above will be overridden. Any fields that collide with fields set in the files in `templates/loggings` will
# be ignored.
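Review bot: The comment above `podSecurityContext: {}` says it "defaults to non root user with uid 1000 and gid 2000", but the value is an empty mapping and the `runAsNonRoot`, `runAsUser` and `fsGroup` lines are commented out. `securityContext: {}` likewise leaves `allowPrivilegeEscalation`, `readOnlyRootFilesystem` and the capability drop unset. A reader relying on the comment would assume the operator pod is hardened when, as far as this file shows, no restriction is applied by default. Either correct the comment, e.g. `## Empty by default: no pod-level restrictions are applied unless set here.`, or enable the commented values as defaults after confirming the operator image runs under them.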


@ -15461,6 +15461,40 @@ entries:
- assets/rancher-istio/rancher-istio-101.0.0+up1.14.3.tgz - assets/rancher-istio/rancher-istio-101.0.0+up1.14.3.tgz
version: 101.0.0+up1.14.3 version: 101.0.0+up1.14.3
rancher-logging: rancher-logging:
- annotations:
catalog.cattle.io/auto-install: rancher-logging-crd=match
catalog.cattle.io/certified: rancher
catalog.cattle.io/deploys-on-os: windows
catalog.cattle.io/display-name: Logging
catalog.cattle.io/kube-version: '>= 1.28.0-0 < 1.32.0-0'
catalog.cattle.io/namespace: cattle-logging-system
catalog.cattle.io/permits-os: linux,windows
catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1
catalog.cattle.io/rancher-version: '>= 2.10.0-0 < 2.11.0-0'
catalog.cattle.io/release-name: rancher-logging
catalog.cattle.io/type: cluster-tool
catalog.cattle.io/ui-component: logging
catalog.cattle.io/upstream-version: 4.10.0
apiVersion: v2
appVersion: 4.10.0
created: "2024-12-16T12:07:43.695041281-04:00"
description: Logging operator for Kubernetes based on Fluentd and Fluentbit.
digest: a9653060cd5759deddf26d38acf5fd4d7eb2414789cde1f10c38818b11e1610b
home: https://kube-logging.github.io
icon: file://assets/logos/rancher-logging.svg
keywords:
- logging
- fluentd
- fluentbit
kubeVersion: '>=1.28.0-0'
name: rancher-logging
sources:
- https://github.com/kube-logging/logging-operator
- https://github.com/kube-logging/helm-charts/tree/main/charts/logging-operator
type: application
urls:
- assets/rancher-logging/rancher-logging-105.2.0-rc.1+up4.10.0.tgz
version: 105.2.0-rc.1+up4.10.0
- annotations: - annotations:
catalog.cattle.io/auto-install: rancher-logging-crd=match catalog.cattle.io/auto-install: rancher-logging-crd=match
catalog.cattle.io/certified: rancher catalog.cattle.io/certified: rancher
@ -15971,6 +16005,20 @@ entries:
- assets/rancher-logging/rancher-logging-101.0.0+up3.17.7.tgz - assets/rancher-logging/rancher-logging-101.0.0+up3.17.7.tgz
version: 101.0.0+up3.17.7 version: 101.0.0+up3.17.7
rancher-logging-crd: rancher-logging-crd:
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: "true"
catalog.cattle.io/namespace: cattle-logging-system
catalog.cattle.io/release-name: rancher-logging-crd
apiVersion: v1
created: "2024-12-16T12:07:43.76347304-04:00"
description: Installs the CRDs for rancher-logging.
digest: f477876aba7b00dcbebb5890693a8837fdfbb53f3c849f8df8d2656638d15381
name: rancher-logging-crd
type: application
urls:
- assets/rancher-logging-crd/rancher-logging-crd-105.2.0-rc.1+up4.10.0.tgz
version: 105.2.0-rc.1+up4.10.0
- annotations: - annotations:
catalog.cattle.io/certified: rancher catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: "true" catalog.cattle.io/hidden: "true"


@ -130,7 +130,7 @@
+ nodeagent_fluentbit: + nodeagent_fluentbit:
+ os: "windows" + os: "windows"
+ repository: rancher/fluent-bit + repository: rancher/fluent-bit
+ tag: 2.2.0 + tag: 3.1.8
+ fluentbit_debug: + fluentbit_debug:
+ repository: rancher/mirrored-fluent-fluent-bit + repository: rancher/mirrored-fluent-fluent-bit
+ tag: 3.1.8-debug + tag: 3.1.8-debug


@ -1,5 +1,5 @@
url: oci://ghcr.io/kube-logging/helm-charts/logging-operator:4.10.0 url: oci://ghcr.io/kube-logging/helm-charts/logging-operator:4.10.0
version: 105.1.0 version: 105.2.0-rc.1
additionalCharts: additionalCharts:
- workingDir: charts-crd - workingDir: charts-crd
crdOptions: crdOptions:


@ -4,3 +4,7 @@ rancher-cis-benchmark:
- 105.1.0+up7.1.1 - 105.1.0+up7.1.1
rancher-cis-benchmark-crd: rancher-cis-benchmark-crd:
- 105.1.0+up7.1.1 - 105.1.0+up7.1.1
rancher-logging:
- 105.2.0-rc.1+up4.10.0
rancher-logging-crd:
- 105.2.0-rc.1+up4.10.0