mirror of https://git.rancher.io/charts
Merge pull request #988 from cmurphy/logging-selinux-dev-v2.5-source
[2.5.8] Add global seLinux toggle to rancher-loggingpull/1047/head
parent
4436bbb6e4
commit
9114480996
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,10 @@
|
|||
annotations:
|
||||
catalog.cattle.io/certified: rancher
|
||||
catalog.cattle.io/hidden: "true"
|
||||
catalog.cattle.io/namespace: cattle-logging-system
|
||||
catalog.cattle.io/release-name: rancher-logging-crd
|
||||
apiVersion: v1
|
||||
description: Installs the CRDs for rancher-logging.
|
||||
name: rancher-logging-crd
|
||||
type: application
|
||||
version: 3.9.002-rc01
|
|
@ -0,0 +1,2 @@
|
|||
# rancher-logging-crd
|
||||
A Rancher chart that installs the CRDs used by rancher-logging.
|
|
@ -0,0 +1,765 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.2.4
|
||||
creationTimestamp: null
|
||||
name: clusterflows.logging.banzaicloud.io
|
||||
spec:
|
||||
additionalPrinterColumns:
|
||||
- JSONPath: .status.active
|
||||
description: Is the flow active?
|
||||
name: Active
|
||||
type: boolean
|
||||
- JSONPath: .status.problemsCount
|
||||
description: Number of problems
|
||||
name: Problems
|
||||
type: integer
|
||||
group: logging.banzaicloud.io
|
||||
names:
|
||||
categories:
|
||||
- logging-all
|
||||
kind: ClusterFlow
|
||||
listKind: ClusterFlowList
|
||||
plural: clusterflows
|
||||
singular: clusterflow
|
||||
preserveUnknownFields: false
|
||||
scope: Namespaced
|
||||
subresources:
|
||||
status: {}
|
||||
validation:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
apiVersion:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
properties:
|
||||
filters:
|
||||
items:
|
||||
properties:
|
||||
concat:
|
||||
properties:
|
||||
continuous_line_regexp:
|
||||
type: string
|
||||
flush_interval:
|
||||
type: integer
|
||||
keep_partial_key:
|
||||
type: boolean
|
||||
keep_partial_metadata:
|
||||
type: string
|
||||
key:
|
||||
type: string
|
||||
multiline_end_regexp:
|
||||
type: string
|
||||
multiline_start_regexp:
|
||||
type: string
|
||||
n_lines:
|
||||
type: integer
|
||||
partial_key:
|
||||
type: string
|
||||
partial_value:
|
||||
type: string
|
||||
separator:
|
||||
type: string
|
||||
stream_identity_key:
|
||||
type: string
|
||||
timeout_label:
|
||||
type: string
|
||||
use_first_timestamp:
|
||||
type: boolean
|
||||
use_partial_metadata:
|
||||
type: string
|
||||
type: object
|
||||
dedot:
|
||||
properties:
|
||||
de_dot_nested:
|
||||
type: boolean
|
||||
de_dot_separator:
|
||||
type: string
|
||||
type: object
|
||||
detectExceptions:
|
||||
properties:
|
||||
languages:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
max_bytes:
|
||||
type: integer
|
||||
max_lines:
|
||||
type: integer
|
||||
message:
|
||||
type: string
|
||||
multiline_flush_interval:
|
||||
type: string
|
||||
remove_tag_prefix:
|
||||
type: string
|
||||
stream:
|
||||
type: string
|
||||
type: object
|
||||
enhanceK8s:
|
||||
properties:
|
||||
api_groups:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
bearer_token_file:
|
||||
type: string
|
||||
ca_file:
|
||||
properties:
|
||||
mountFrom:
|
||||
properties:
|
||||
secretKeyRef:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
value:
|
||||
type: string
|
||||
valueFrom:
|
||||
properties:
|
||||
secretKeyRef:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
cache_refresh:
|
||||
type: integer
|
||||
cache_refresh_variation:
|
||||
type: integer
|
||||
cache_size:
|
||||
type: integer
|
||||
cache_ttl:
|
||||
type: integer
|
||||
client_cert:
|
||||
properties:
|
||||
mountFrom:
|
||||
properties:
|
||||
secretKeyRef:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
value:
|
||||
type: string
|
||||
valueFrom:
|
||||
properties:
|
||||
secretKeyRef:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
client_key:
|
||||
properties:
|
||||
mountFrom:
|
||||
properties:
|
||||
secretKeyRef:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
value:
|
||||
type: string
|
||||
valueFrom:
|
||||
properties:
|
||||
secretKeyRef:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
core_api_versions:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
data_type:
|
||||
type: string
|
||||
in_namespace_path:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
in_pod_path:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
kubernetes_url:
|
||||
type: string
|
||||
secret_dir:
|
||||
type: string
|
||||
ssl_partial_chain:
|
||||
type: boolean
|
||||
verify_ssl:
|
||||
type: boolean
|
||||
type: object
|
||||
geoip:
|
||||
properties:
|
||||
backend_library:
|
||||
type: string
|
||||
geoip_2_database:
|
||||
type: string
|
||||
geoip_database:
|
||||
type: string
|
||||
geoip_lookup_keys:
|
||||
type: string
|
||||
records:
|
||||
items:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
skip_adding_null_record:
|
||||
type: boolean
|
||||
type: object
|
||||
grep:
|
||||
properties:
|
||||
and:
|
||||
items:
|
||||
properties:
|
||||
exclude:
|
||||
items:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
pattern:
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- pattern
|
||||
type: object
|
||||
type: array
|
||||
regexp:
|
||||
items:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
pattern:
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- pattern
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
exclude:
|
||||
items:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
pattern:
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- pattern
|
||||
type: object
|
||||
type: array
|
||||
or:
|
||||
items:
|
||||
properties:
|
||||
exclude:
|
||||
items:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
pattern:
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- pattern
|
||||
type: object
|
||||
type: array
|
||||
regexp:
|
||||
items:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
pattern:
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- pattern
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
regexp:
|
||||
items:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
pattern:
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- pattern
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
parser:
|
||||
properties:
|
||||
emit_invalid_record_to_error:
|
||||
type: boolean
|
||||
hash_value_field:
|
||||
type: string
|
||||
inject_key_prefix:
|
||||
type: string
|
||||
key_name:
|
||||
type: string
|
||||
parse:
|
||||
properties:
|
||||
delimiter:
|
||||
type: string
|
||||
delimiter_pattern:
|
||||
type: string
|
||||
estimate_current_event:
|
||||
type: boolean
|
||||
expression:
|
||||
type: string
|
||||
format:
|
||||
type: string
|
||||
format_firstline:
|
||||
type: string
|
||||
keep_time_key:
|
||||
type: boolean
|
||||
label_delimiter:
|
||||
type: string
|
||||
local_time:
|
||||
type: boolean
|
||||
multiline:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
null_empty_string:
|
||||
type: boolean
|
||||
null_value_pattern:
|
||||
type: string
|
||||
patterns:
|
||||
items:
|
||||
properties:
|
||||
estimate_current_event:
|
||||
type: boolean
|
||||
expression:
|
||||
type: string
|
||||
format:
|
||||
type: string
|
||||
keep_time_key:
|
||||
type: boolean
|
||||
local_time:
|
||||
type: boolean
|
||||
null_empty_string:
|
||||
type: boolean
|
||||
null_value_pattern:
|
||||
type: string
|
||||
time_format:
|
||||
type: string
|
||||
time_key:
|
||||
type: string
|
||||
time_type:
|
||||
type: string
|
||||
timezone:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
types:
|
||||
type: string
|
||||
utc:
|
||||
type: boolean
|
||||
type: object
|
||||
type: array
|
||||
time_format:
|
||||
type: string
|
||||
time_key:
|
||||
type: string
|
||||
time_type:
|
||||
type: string
|
||||
timezone:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
types:
|
||||
type: string
|
||||
utc:
|
||||
type: boolean
|
||||
type: object
|
||||
parsers:
|
||||
items:
|
||||
properties:
|
||||
delimiter:
|
||||
type: string
|
||||
delimiter_pattern:
|
||||
type: string
|
||||
estimate_current_event:
|
||||
type: boolean
|
||||
expression:
|
||||
type: string
|
||||
format:
|
||||
type: string
|
||||
format_firstline:
|
||||
type: string
|
||||
keep_time_key:
|
||||
type: boolean
|
||||
label_delimiter:
|
||||
type: string
|
||||
local_time:
|
||||
type: boolean
|
||||
multiline:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
null_empty_string:
|
||||
type: boolean
|
||||
null_value_pattern:
|
||||
type: string
|
||||
patterns:
|
||||
items:
|
||||
properties:
|
||||
estimate_current_event:
|
||||
type: boolean
|
||||
expression:
|
||||
type: string
|
||||
format:
|
||||
type: string
|
||||
keep_time_key:
|
||||
type: boolean
|
||||
local_time:
|
||||
type: boolean
|
||||
null_empty_string:
|
||||
type: boolean
|
||||
null_value_pattern:
|
||||
type: string
|
||||
time_format:
|
||||
type: string
|
||||
time_key:
|
||||
type: string
|
||||
time_type:
|
||||
type: string
|
||||
timezone:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
types:
|
||||
type: string
|
||||
utc:
|
||||
type: boolean
|
||||
type: object
|
||||
type: array
|
||||
time_format:
|
||||
type: string
|
||||
time_key:
|
||||
type: string
|
||||
time_type:
|
||||
type: string
|
||||
timezone:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
types:
|
||||
type: string
|
||||
utc:
|
||||
type: boolean
|
||||
type: object
|
||||
type: array
|
||||
remove_key_name_field:
|
||||
type: boolean
|
||||
replace_invalid_sequence:
|
||||
type: boolean
|
||||
reserve_data:
|
||||
type: boolean
|
||||
reserve_time:
|
||||
type: boolean
|
||||
type: object
|
||||
prometheus:
|
||||
properties:
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
metrics:
|
||||
items:
|
||||
properties:
|
||||
buckets:
|
||||
type: string
|
||||
desc:
|
||||
type: string
|
||||
key:
|
||||
type: string
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
name:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
required:
|
||||
- desc
|
||||
- name
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
record_modifier:
|
||||
properties:
|
||||
char_encoding:
|
||||
type: string
|
||||
prepare_value:
|
||||
type: string
|
||||
records:
|
||||
items:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
remove_keys:
|
||||
type: string
|
||||
replaces:
|
||||
items:
|
||||
properties:
|
||||
expression:
|
||||
type: string
|
||||
key:
|
||||
type: string
|
||||
replace:
|
||||
type: string
|
||||
required:
|
||||
- expression
|
||||
- key
|
||||
- replace
|
||||
type: object
|
||||
type: array
|
||||
whitelist_keys:
|
||||
type: string
|
||||
type: object
|
||||
record_transformer:
|
||||
properties:
|
||||
auto_typecast:
|
||||
type: boolean
|
||||
enable_ruby:
|
||||
type: boolean
|
||||
keep_keys:
|
||||
type: string
|
||||
records:
|
||||
items:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
remove_keys:
|
||||
type: string
|
||||
renew_record:
|
||||
type: boolean
|
||||
renew_time_key:
|
||||
type: string
|
||||
type: object
|
||||
stdout:
|
||||
properties:
|
||||
output_type:
|
||||
type: string
|
||||
type: object
|
||||
sumologic:
|
||||
properties:
|
||||
collector_key_name:
|
||||
type: string
|
||||
collector_value:
|
||||
type: string
|
||||
exclude_container_regex:
|
||||
type: string
|
||||
exclude_facility_regex:
|
||||
type: string
|
||||
exclude_host_regex:
|
||||
type: string
|
||||
exclude_namespace_regex:
|
||||
type: string
|
||||
exclude_pod_regex:
|
||||
type: string
|
||||
exclude_priority_regex:
|
||||
type: string
|
||||
exclude_unit_regex:
|
||||
type: string
|
||||
log_format:
|
||||
type: string
|
||||
source_category:
|
||||
type: string
|
||||
source_category_key_name:
|
||||
type: string
|
||||
source_category_prefix:
|
||||
type: string
|
||||
source_category_replace_dash:
|
||||
type: string
|
||||
source_host:
|
||||
type: string
|
||||
source_host_key_name:
|
||||
type: string
|
||||
source_name:
|
||||
type: string
|
||||
source_name_key_name:
|
||||
type: string
|
||||
tracing_annotation_prefix:
|
||||
type: string
|
||||
tracing_container_name:
|
||||
type: string
|
||||
tracing_format:
|
||||
type: boolean
|
||||
tracing_host:
|
||||
type: string
|
||||
tracing_label_prefix:
|
||||
type: string
|
||||
tracing_namespace:
|
||||
type: string
|
||||
tracing_pod:
|
||||
type: string
|
||||
tracing_pod_id:
|
||||
type: string
|
||||
type: object
|
||||
tag_normaliser:
|
||||
properties:
|
||||
format:
|
||||
type: string
|
||||
type: object
|
||||
throttle:
|
||||
properties:
|
||||
group_bucket_limit:
|
||||
type: integer
|
||||
group_bucket_period_s:
|
||||
type: integer
|
||||
group_drop_logs:
|
||||
type: boolean
|
||||
group_key:
|
||||
type: string
|
||||
group_reset_rate_s:
|
||||
type: integer
|
||||
group_warning_delay_s:
|
||||
type: integer
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
globalOutputRefs:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
loggingRef:
|
||||
type: string
|
||||
match:
|
||||
items:
|
||||
properties:
|
||||
exclude:
|
||||
properties:
|
||||
container_names:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
hosts:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
namespaces:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
select:
|
||||
properties:
|
||||
container_names:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
hosts:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
namespaces:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
outputRefs:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
selectors:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
status:
|
||||
properties:
|
||||
active:
|
||||
type: boolean
|
||||
problems:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
problemsCount:
|
||||
type: integer
|
||||
type: object
|
||||
type: object
|
||||
version: v1beta1
|
||||
versions:
|
||||
- name: v1beta1
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,761 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.2.4
|
||||
creationTimestamp: null
|
||||
name: flows.logging.banzaicloud.io
|
||||
spec:
|
||||
additionalPrinterColumns:
|
||||
- JSONPath: .status.active
|
||||
description: Is the flow active?
|
||||
name: Active
|
||||
type: boolean
|
||||
- JSONPath: .status.problemsCount
|
||||
description: Number of problems
|
||||
name: Problems
|
||||
type: integer
|
||||
group: logging.banzaicloud.io
|
||||
names:
|
||||
categories:
|
||||
- logging-all
|
||||
kind: Flow
|
||||
listKind: FlowList
|
||||
plural: flows
|
||||
singular: flow
|
||||
preserveUnknownFields: false
|
||||
scope: Namespaced
|
||||
subresources:
|
||||
status: {}
|
||||
validation:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
apiVersion:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
properties:
|
||||
filters:
|
||||
items:
|
||||
properties:
|
||||
concat:
|
||||
properties:
|
||||
continuous_line_regexp:
|
||||
type: string
|
||||
flush_interval:
|
||||
type: integer
|
||||
keep_partial_key:
|
||||
type: boolean
|
||||
keep_partial_metadata:
|
||||
type: string
|
||||
key:
|
||||
type: string
|
||||
multiline_end_regexp:
|
||||
type: string
|
||||
multiline_start_regexp:
|
||||
type: string
|
||||
n_lines:
|
||||
type: integer
|
||||
partial_key:
|
||||
type: string
|
||||
partial_value:
|
||||
type: string
|
||||
separator:
|
||||
type: string
|
||||
stream_identity_key:
|
||||
type: string
|
||||
timeout_label:
|
||||
type: string
|
||||
use_first_timestamp:
|
||||
type: boolean
|
||||
use_partial_metadata:
|
||||
type: string
|
||||
type: object
|
||||
dedot:
|
||||
properties:
|
||||
de_dot_nested:
|
||||
type: boolean
|
||||
de_dot_separator:
|
||||
type: string
|
||||
type: object
|
||||
detectExceptions:
|
||||
properties:
|
||||
languages:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
max_bytes:
|
||||
type: integer
|
||||
max_lines:
|
||||
type: integer
|
||||
message:
|
||||
type: string
|
||||
multiline_flush_interval:
|
||||
type: string
|
||||
remove_tag_prefix:
|
||||
type: string
|
||||
stream:
|
||||
type: string
|
||||
type: object
|
||||
enhanceK8s:
|
||||
properties:
|
||||
api_groups:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
bearer_token_file:
|
||||
type: string
|
||||
ca_file:
|
||||
properties:
|
||||
mountFrom:
|
||||
properties:
|
||||
secretKeyRef:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
value:
|
||||
type: string
|
||||
valueFrom:
|
||||
properties:
|
||||
secretKeyRef:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
cache_refresh:
|
||||
type: integer
|
||||
cache_refresh_variation:
|
||||
type: integer
|
||||
cache_size:
|
||||
type: integer
|
||||
cache_ttl:
|
||||
type: integer
|
||||
client_cert:
|
||||
properties:
|
||||
mountFrom:
|
||||
properties:
|
||||
secretKeyRef:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
value:
|
||||
type: string
|
||||
valueFrom:
|
||||
properties:
|
||||
secretKeyRef:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
client_key:
|
||||
properties:
|
||||
mountFrom:
|
||||
properties:
|
||||
secretKeyRef:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
value:
|
||||
type: string
|
||||
valueFrom:
|
||||
properties:
|
||||
secretKeyRef:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
core_api_versions:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
data_type:
|
||||
type: string
|
||||
in_namespace_path:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
in_pod_path:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
kubernetes_url:
|
||||
type: string
|
||||
secret_dir:
|
||||
type: string
|
||||
ssl_partial_chain:
|
||||
type: boolean
|
||||
verify_ssl:
|
||||
type: boolean
|
||||
type: object
|
||||
geoip:
|
||||
properties:
|
||||
backend_library:
|
||||
type: string
|
||||
geoip_2_database:
|
||||
type: string
|
||||
geoip_database:
|
||||
type: string
|
||||
geoip_lookup_keys:
|
||||
type: string
|
||||
records:
|
||||
items:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
skip_adding_null_record:
|
||||
type: boolean
|
||||
type: object
|
||||
grep:
|
||||
properties:
|
||||
and:
|
||||
items:
|
||||
properties:
|
||||
exclude:
|
||||
items:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
pattern:
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- pattern
|
||||
type: object
|
||||
type: array
|
||||
regexp:
|
||||
items:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
pattern:
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- pattern
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
exclude:
|
||||
items:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
pattern:
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- pattern
|
||||
type: object
|
||||
type: array
|
||||
or:
|
||||
items:
|
||||
properties:
|
||||
exclude:
|
||||
items:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
pattern:
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- pattern
|
||||
type: object
|
||||
type: array
|
||||
regexp:
|
||||
items:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
pattern:
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- pattern
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
regexp:
|
||||
items:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
pattern:
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- pattern
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
parser:
|
||||
properties:
|
||||
emit_invalid_record_to_error:
|
||||
type: boolean
|
||||
hash_value_field:
|
||||
type: string
|
||||
inject_key_prefix:
|
||||
type: string
|
||||
key_name:
|
||||
type: string
|
||||
parse:
|
||||
properties:
|
||||
delimiter:
|
||||
type: string
|
||||
delimiter_pattern:
|
||||
type: string
|
||||
estimate_current_event:
|
||||
type: boolean
|
||||
expression:
|
||||
type: string
|
||||
format:
|
||||
type: string
|
||||
format_firstline:
|
||||
type: string
|
||||
keep_time_key:
|
||||
type: boolean
|
||||
label_delimiter:
|
||||
type: string
|
||||
local_time:
|
||||
type: boolean
|
||||
multiline:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
null_empty_string:
|
||||
type: boolean
|
||||
null_value_pattern:
|
||||
type: string
|
||||
patterns:
|
||||
items:
|
||||
properties:
|
||||
estimate_current_event:
|
||||
type: boolean
|
||||
expression:
|
||||
type: string
|
||||
format:
|
||||
type: string
|
||||
keep_time_key:
|
||||
type: boolean
|
||||
local_time:
|
||||
type: boolean
|
||||
null_empty_string:
|
||||
type: boolean
|
||||
null_value_pattern:
|
||||
type: string
|
||||
time_format:
|
||||
type: string
|
||||
time_key:
|
||||
type: string
|
||||
time_type:
|
||||
type: string
|
||||
timezone:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
types:
|
||||
type: string
|
||||
utc:
|
||||
type: boolean
|
||||
type: object
|
||||
type: array
|
||||
time_format:
|
||||
type: string
|
||||
time_key:
|
||||
type: string
|
||||
time_type:
|
||||
type: string
|
||||
timezone:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
types:
|
||||
type: string
|
||||
utc:
|
||||
type: boolean
|
||||
type: object
|
||||
parsers:
|
||||
items:
|
||||
properties:
|
||||
delimiter:
|
||||
type: string
|
||||
delimiter_pattern:
|
||||
type: string
|
||||
estimate_current_event:
|
||||
type: boolean
|
||||
expression:
|
||||
type: string
|
||||
format:
|
||||
type: string
|
||||
format_firstline:
|
||||
type: string
|
||||
keep_time_key:
|
||||
type: boolean
|
||||
label_delimiter:
|
||||
type: string
|
||||
local_time:
|
||||
type: boolean
|
||||
multiline:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
null_empty_string:
|
||||
type: boolean
|
||||
null_value_pattern:
|
||||
type: string
|
||||
patterns:
|
||||
items:
|
||||
properties:
|
||||
estimate_current_event:
|
||||
type: boolean
|
||||
expression:
|
||||
type: string
|
||||
format:
|
||||
type: string
|
||||
keep_time_key:
|
||||
type: boolean
|
||||
local_time:
|
||||
type: boolean
|
||||
null_empty_string:
|
||||
type: boolean
|
||||
null_value_pattern:
|
||||
type: string
|
||||
time_format:
|
||||
type: string
|
||||
time_key:
|
||||
type: string
|
||||
time_type:
|
||||
type: string
|
||||
timezone:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
types:
|
||||
type: string
|
||||
utc:
|
||||
type: boolean
|
||||
type: object
|
||||
type: array
|
||||
time_format:
|
||||
type: string
|
||||
time_key:
|
||||
type: string
|
||||
time_type:
|
||||
type: string
|
||||
timezone:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
types:
|
||||
type: string
|
||||
utc:
|
||||
type: boolean
|
||||
type: object
|
||||
type: array
|
||||
remove_key_name_field:
|
||||
type: boolean
|
||||
replace_invalid_sequence:
|
||||
type: boolean
|
||||
reserve_data:
|
||||
type: boolean
|
||||
reserve_time:
|
||||
type: boolean
|
||||
type: object
|
||||
prometheus:
|
||||
properties:
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
metrics:
|
||||
items:
|
||||
properties:
|
||||
buckets:
|
||||
type: string
|
||||
desc:
|
||||
type: string
|
||||
key:
|
||||
type: string
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
name:
|
||||
type: string
|
||||
type:
|
||||
type: string
|
||||
required:
|
||||
- desc
|
||||
- name
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
record_modifier:
|
||||
properties:
|
||||
char_encoding:
|
||||
type: string
|
||||
prepare_value:
|
||||
type: string
|
||||
records:
|
||||
items:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
remove_keys:
|
||||
type: string
|
||||
replaces:
|
||||
items:
|
||||
properties:
|
||||
expression:
|
||||
type: string
|
||||
key:
|
||||
type: string
|
||||
replace:
|
||||
type: string
|
||||
required:
|
||||
- expression
|
||||
- key
|
||||
- replace
|
||||
type: object
|
||||
type: array
|
||||
whitelist_keys:
|
||||
type: string
|
||||
type: object
|
||||
record_transformer:
|
||||
properties:
|
||||
auto_typecast:
|
||||
type: boolean
|
||||
enable_ruby:
|
||||
type: boolean
|
||||
keep_keys:
|
||||
type: string
|
||||
records:
|
||||
items:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
remove_keys:
|
||||
type: string
|
||||
renew_record:
|
||||
type: boolean
|
||||
renew_time_key:
|
||||
type: string
|
||||
type: object
|
||||
stdout:
|
||||
properties:
|
||||
output_type:
|
||||
type: string
|
||||
type: object
|
||||
sumologic:
|
||||
properties:
|
||||
collector_key_name:
|
||||
type: string
|
||||
collector_value:
|
||||
type: string
|
||||
exclude_container_regex:
|
||||
type: string
|
||||
exclude_facility_regex:
|
||||
type: string
|
||||
exclude_host_regex:
|
||||
type: string
|
||||
exclude_namespace_regex:
|
||||
type: string
|
||||
exclude_pod_regex:
|
||||
type: string
|
||||
exclude_priority_regex:
|
||||
type: string
|
||||
exclude_unit_regex:
|
||||
type: string
|
||||
log_format:
|
||||
type: string
|
||||
source_category:
|
||||
type: string
|
||||
source_category_key_name:
|
||||
type: string
|
||||
source_category_prefix:
|
||||
type: string
|
||||
source_category_replace_dash:
|
||||
type: string
|
||||
source_host:
|
||||
type: string
|
||||
source_host_key_name:
|
||||
type: string
|
||||
source_name:
|
||||
type: string
|
||||
source_name_key_name:
|
||||
type: string
|
||||
tracing_annotation_prefix:
|
||||
type: string
|
||||
tracing_container_name:
|
||||
type: string
|
||||
tracing_format:
|
||||
type: boolean
|
||||
tracing_host:
|
||||
type: string
|
||||
tracing_label_prefix:
|
||||
type: string
|
||||
tracing_namespace:
|
||||
type: string
|
||||
tracing_pod:
|
||||
type: string
|
||||
tracing_pod_id:
|
||||
type: string
|
||||
type: object
|
||||
tag_normaliser:
|
||||
properties:
|
||||
format:
|
||||
type: string
|
||||
type: object
|
||||
throttle:
|
||||
properties:
|
||||
group_bucket_limit:
|
||||
type: integer
|
||||
group_bucket_period_s:
|
||||
type: integer
|
||||
group_drop_logs:
|
||||
type: boolean
|
||||
group_key:
|
||||
type: string
|
||||
group_reset_rate_s:
|
||||
type: integer
|
||||
group_warning_delay_s:
|
||||
type: integer
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
globalOutputRefs:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
localOutputRefs:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
loggingRef:
|
||||
type: string
|
||||
match:
|
||||
items:
|
||||
properties:
|
||||
exclude:
|
||||
properties:
|
||||
container_names:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
hosts:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
select:
|
||||
properties:
|
||||
container_names:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
hosts:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
outputRefs:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
selectors:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
status:
|
||||
properties:
|
||||
active:
|
||||
type: boolean
|
||||
problems:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
problemsCount:
|
||||
type: integer
|
||||
type: object
|
||||
type: object
|
||||
version: v1beta1
|
||||
versions:
|
||||
- name: v1beta1
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,22 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
|
@ -0,0 +1,20 @@
|
|||
annotations:
|
||||
catalog.cattle.io/auto-install: rancher-logging-crd=match
|
||||
catalog.cattle.io/certified: rancher
|
||||
catalog.cattle.io/display-name: Logging
|
||||
catalog.cattle.io/namespace: cattle-logging-system
|
||||
catalog.cattle.io/os: linux
|
||||
catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1
|
||||
catalog.cattle.io/release-name: rancher-logging
|
||||
catalog.cattle.io/ui-component: logging
|
||||
apiVersion: v1
|
||||
appVersion: 3.9.0
|
||||
description: Collects and filter logs using highly configurable CRDs. Powered by Banzai
|
||||
Cloud Logging Operator.
|
||||
icon: https://charts.rancher.io/assets/logos/logging.svg
|
||||
keywords:
|
||||
- logging
|
||||
- monitoring
|
||||
- security
|
||||
name: rancher-logging
|
||||
version: 3.9.002-rc01
|
|
@ -0,0 +1,130 @@
|
|||
|
||||
# Logging operator Chart
|
||||
|
||||
[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster.
|
||||
|
||||
## tl;dr:
|
||||
|
||||
```bash
|
||||
$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com
|
||||
$ helm repo update
|
||||
$ helm install banzaicloud-stable/logging-operator
|
||||
```
|
||||
|
||||
## Introduction
|
||||
|
||||
This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes 1.8+ with Beta APIs enabled
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install the chart with the release name `my-release`:
|
||||
|
||||
```bash
|
||||
$ helm install --name my-release banzaicloud-stable/logging-operator
|
||||
```
|
||||
|
||||
### CRDs
|
||||
Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time.
|
||||
|
||||
The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
|
||||
|
||||
## Uninstalling the Chart
|
||||
|
||||
To uninstall/delete the `my-release` deployment:
|
||||
|
||||
```bash
|
||||
$ helm delete my-release
|
||||
```
|
||||
|
||||
The command removes all Kubernetes components associated with the chart and deletes the release.
|
||||
|
||||
## Configuration
|
||||
|
||||
The following tables lists the configurable parameters of the logging-operator chart and their default values.
|
||||
|
||||
| Parameter | Description | Default |
|
||||
| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ |
|
||||
| `image.repository` | Container image repository | `ghcr.io/banzaicloud/logging-operator` |
|
||||
| `image.tag` | Container image tag | `3.9.0` |
|
||||
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
|
||||
| `nameOverride` | Override name of app | `` |
|
||||
| `fullnameOverride` | Override full name of app | `` |
|
||||
| `namespaceOverride` | Override namespace of app | `` |
|
||||
| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` |
|
||||
| `rbac.enabled` | Create rbac service account and roles | `true` |
|
||||
| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` |
|
||||
| `priorityClassName` | Operator priorityClassName | `{}` |
|
||||
| `affinity` | Node Affinity | `{}` |
|
||||
| `resources` | CPU/Memory resource requests/limits | `{}` |
|
||||
| `tolerations` | Node Tolerations | `[]` |
|
||||
| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` |
|
||||
| `annotations` | Define annotations for logging-operator pods | `{}` |
|
||||
| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` |
|
||||
| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` |
|
||||
| `createCustomResource` | Create CRDs. | `true` |
|
||||
| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. | `false` |
|
||||
| `global.seLinux.enabled` | Add seLinuxOptions to Logging resources, requires the [rke2-selinux RPM](https://github.com/rancher/rke2-selinux/releases) | `false` |
|
||||
|
||||
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example:
|
||||
|
||||
```bash
|
||||
$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator
|
||||
```
|
||||
|
||||
> **Tip**: You can use the default [values.yaml](values.yaml)
|
||||
|
||||
## Installing Fluentd and Fluent-bit via logging
|
||||
|
||||
The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart.
|
||||
|
||||
## tl;dr:
|
||||
|
||||
```bash
|
||||
$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com
|
||||
$ helm repo update
|
||||
$ helm install banzaicloud-stable/logging-operator-logging
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
The following tables lists the configurable parameters of the logging-operator-logging chart and their default values.
|
||||
## tl;dr:
|
||||
|
||||
```bash
|
||||
$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com
|
||||
$ helm repo update
|
||||
$ helm install banzaicloud-stable/logging-operator-logging
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
The following tables lists the configurable parameters of the logging-operator-logging chart and their default values.
|
||||
|
||||
| Parameter | Description | Default |
|
||||
| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ |
|
||||
| `tls.enabled` | Enabled TLS communication between components | true |
|
||||
| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. |
|
||||
| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. |
|
||||
| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] |
|
||||
| `fluentbit.enabled` | Install fluent-bit | true |
|
||||
| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace |
|
||||
| `fluentbit.image.tag` | Fluentbit container image tag | `1.6.10` |
|
||||
| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` |
|
||||
| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` |
|
||||
| `fluentd.enabled` | Install fluentd | true |
|
||||
| `fluentd.image.tag` | Fluentd container image tag | `v1.11.5-alpine-9` |
|
||||
| `fluentd.image.repository` | Fluentd container image repository | `ghcr.io/banzaicloud/fluentd` |
|
||||
| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` |
|
||||
| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` |
|
||||
| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` |
|
||||
| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` |
|
||||
| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` |
|
||||
| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` |
|
||||
| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` |
|
||||
| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` |
|
||||
| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` |
|
||||
| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` |
|
|
@ -0,0 +1,22 @@
|
|||
# Rancher Logging
|
||||
|
||||
This chart is based off of the upstream [Banzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/) chart. The chart deploys a logging operator and CRDs, which allows users to configure complex logging pipelines with a few simple custom resources. There are two levels of logging, which allow you to collect all logs in a cluster or from a single namespace.
|
||||
|
||||
For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/logging/v2.5/).
|
||||
|
||||
## Namespace-level logging
|
||||
|
||||
To collect logs from a single namespace, users create flows and these flows are connected to outputs or cluster outputs.
|
||||
|
||||
## Cluster-level logging
|
||||
|
||||
To collect logs from an entire cluster, users create cluster flows and cluster outputs.
|
||||
|
||||
## CRDs
|
||||
|
||||
- [Cluster Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/) - A cluster flow is a CRD (`ClusterFlow`) that defines what logs to collect from the entire cluster. The cluster flow must be deployed in the same namespace as the logging operator.
|
||||
- [Cluster Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) - A cluster output is a CRD (`ClusterOutput`) that defines how to connect to logging providers so they can start collecting logs. The cluster output must be deployed in the same namespace as the logging operator. The convenience of using a cluster output is that either a cluster flow or flow can send logs to those providers without needing to define specific outputs in each namespace for each flow.
|
||||
- [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) - A flow is a CRD (`Flow`) that defines what logs to collect from the namespace that it is deployed in.
|
||||
- [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) - An output is a CRD (`Output`) that defines how to connect to logging providers so logs can be sent to the provider.
|
||||
|
||||
For more information on how to configure the Helm chart, refer to the Helm README.
|
|
@ -0,0 +1,66 @@
|
|||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "logging-operator.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "logging-operator.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Provides the namespace the chart will be installed in using the builtin .Release.Namespace,
|
||||
or, if provided, a manually overwritten namespace value.
|
||||
*/}}
|
||||
{{- define "logging-operator.namespace" -}}
|
||||
{{- if .Values.namespaceOverride -}}
|
||||
{{ .Values.namespaceOverride -}}
|
||||
{{- else -}}
|
||||
{{ .Release.Namespace }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "logging-operator.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "logging-operator.labels" -}}
|
||||
app.kubernetes.io/name: {{ include "logging-operator.name" . }}
|
||||
helm.sh/chart: {{ include "logging-operator.chart" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "system_default_registry" -}}
|
||||
{{- if .Values.global.cattle.systemDefaultRegistry -}}
|
||||
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
|
||||
{{- else -}}
|
||||
{{- "" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -0,0 +1,167 @@
|
|||
{{- if .Values.rbac.enabled }}
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: {{ template "logging-operator.fullname" . }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
- secrets
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- endpoints
|
||||
- namespaces
|
||||
- nodes
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- persistentvolumeclaims
|
||||
- pods
|
||||
- serviceaccounts
|
||||
- services
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
- events.k8s.io
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
- daemonsets
|
||||
- replicasets
|
||||
- statefulsets
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- apps
|
||||
- extensions
|
||||
resources:
|
||||
- deployments
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
- policy
|
||||
resources:
|
||||
- podsecuritypolicies
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- use
|
||||
- watch
|
||||
- apiGroups:
|
||||
- logging.banzaicloud.io
|
||||
resources:
|
||||
- clusterflows
|
||||
- clusteroutputs
|
||||
- flows
|
||||
- loggings
|
||||
- outputs
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- logging.banzaicloud.io
|
||||
resources:
|
||||
- clusterflows/status
|
||||
- clusteroutputs/status
|
||||
- flows/status
|
||||
- loggings/status
|
||||
- outputs/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- monitoring.coreos.com
|
||||
resources:
|
||||
- servicemonitors
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- rbac.authorization.k8s.io
|
||||
resources:
|
||||
- clusterrolebindings
|
||||
- clusterroles
|
||||
- rolebindings
|
||||
- roles
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
{{- end }}
|
|
@ -0,0 +1,18 @@
|
|||
{{- if .Values.rbac.enabled }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ template "logging-operator.fullname" . }}
|
||||
labels:
|
||||
{{ include "logging-operator.labels" . | indent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "logging-operator.fullname" . }}
|
||||
namespace: {{ include "logging-operator.namespace" . }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ template "logging-operator.fullname" . }}
|
||||
|
||||
{{- end }}
|
|
@ -0,0 +1,6 @@
|
|||
{{- if .Values.createCustomResource -}}
|
||||
{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }}
|
||||
{{ $.Files.Get $path }}
|
||||
---
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,62 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "logging-operator.fullname" . }}
|
||||
namespace: {{ include "logging-operator.namespace" . }}
|
||||
labels:
|
||||
{{ include "logging-operator.labels" . | indent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: {{ include "logging-operator.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "logging-operator.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- with .Values.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.priorityClassName }}
|
||||
priorityClassName: {{ .Values.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: {{ .Values.http.port }}
|
||||
|
||||
{{- if .Values.securityContext }}
|
||||
securityContext: {{ toYaml .Values.securityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.podSecurityContext }}
|
||||
securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.rbac.enabled }}
|
||||
serviceAccountName: {{ include "logging-operator.fullname" . }}
|
||||
{{- end }}
|
|
@ -0,0 +1,55 @@
|
|||
{{- if .Values.additionalLoggingSources.aks.enabled }}
|
||||
apiVersion: logging.banzaicloud.io/v1beta1
|
||||
kind: Logging
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-aks
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ include "logging-operator.labels" . | indent 4 }}
|
||||
spec:
|
||||
controlNamespace: {{ .Release.Namespace }}
|
||||
fluentbit:
|
||||
image:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}
|
||||
tag: {{ .Values.images.fluentbit.tag }}
|
||||
inputTail:
|
||||
Tag: "aks"
|
||||
Path: "/var/log/azure/kubelet-status.log"
|
||||
{{- if .Values.global.psp.enabled }}
|
||||
security:
|
||||
podSecurityPolicyCreate: true
|
||||
roleBasedAccessControlCreate: true
|
||||
{{- end }}
|
||||
{{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }}
|
||||
{{- with $total_tolerations }}
|
||||
tolerations: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.fluentbit.resources }}
|
||||
resources: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
fluentd:
|
||||
image:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }}
|
||||
tag: {{ .Values.images.fluentd.tag }}
|
||||
configReloaderImage:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }}
|
||||
tag: {{ .Values.images.config_reloader.tag }}
|
||||
disablePvc: {{ .Values.disablePvc }}
|
||||
{{- if .Values.global.psp.enabled }}
|
||||
security:
|
||||
podSecurityPolicyCreate: true
|
||||
roleBasedAccessControlCreate: true
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.fluentd.resources }}
|
||||
resources: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,56 @@
|
|||
{{- if .Values.additionalLoggingSources.eks.enabled }}
|
||||
apiVersion: logging.banzaicloud.io/v1beta1
|
||||
kind: Logging
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-eks
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ include "logging-operator.labels" . | indent 4 }}
|
||||
spec:
|
||||
controlNamespace: {{ .Release.Namespace }}
|
||||
fluentbit:
|
||||
image:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}
|
||||
tag: {{ .Values.images.fluentbit.tag }}
|
||||
inputTail:
|
||||
Tag: "eks"
|
||||
Path: "/var/log/messages"
|
||||
Parser: "syslog"
|
||||
{{- if .Values.global.psp.enabled }}
|
||||
security:
|
||||
podSecurityPolicyCreate: true
|
||||
roleBasedAccessControlCreate: true
|
||||
{{- end }}
|
||||
{{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }}
|
||||
{{- with $total_tolerations }}
|
||||
tolerations: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.fluentbit.resources }}
|
||||
resources: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
fluentd:
|
||||
image:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }}
|
||||
tag: {{ .Values.images.fluentd.tag }}
|
||||
configReloaderImage:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }}
|
||||
tag: {{ .Values.images.config_reloader.tag }}
|
||||
disablePvc: {{ .Values.disablePvc }}
|
||||
{{- if .Values.global.psp.enabled }}
|
||||
security:
|
||||
podSecurityPolicyCreate: true
|
||||
roleBasedAccessControlCreate: true
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.fluentd.resources }}
|
||||
resources: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,55 @@
|
|||
{{- if .Values.additionalLoggingSources.gke.enabled }}
|
||||
apiVersion: logging.banzaicloud.io/v1beta1
|
||||
kind: Logging
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-gke
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ include "logging-operator.labels" . | indent 4 }}
|
||||
spec:
|
||||
controlNamespace: {{ .Release.Namespace }}
|
||||
fluentbit:
|
||||
image:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}
|
||||
tag: {{ .Values.images.fluentbit.tag }}
|
||||
inputTail:
|
||||
Tag: "gke"
|
||||
Path: "/var/log/kube-proxy.log"
|
||||
{{- if .Values.global.psp.enabled }}
|
||||
security:
|
||||
podSecurityPolicyCreate: true
|
||||
roleBasedAccessControlCreate: true
|
||||
{{- end }}
|
||||
{{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }}
|
||||
{{- with $total_tolerations }}
|
||||
tolerations: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.fluentbit.resources }}
|
||||
resources: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
fluentd:
|
||||
image:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }}
|
||||
tag: {{ .Values.images.fluentd.tag }}
|
||||
configReloaderImage:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }}
|
||||
tag: {{ .Values.images.config_reloader.tag }}
|
||||
disablePvc: {{ .Values.disablePvc }}
|
||||
{{- if .Values.global.psp.enabled }}
|
||||
security:
|
||||
podSecurityPolicyCreate: true
|
||||
roleBasedAccessControlCreate: true
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.fluentd.resources }}
|
||||
resources: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,65 @@
|
|||
{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}}
|
||||
apiVersion: logging.banzaicloud.io/v1beta1
|
||||
kind: Logging
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-k3s
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ include "logging-operator.labels" . | indent 4 }}
|
||||
spec:
|
||||
controlNamespace: {{ .Release.Namespace }}
|
||||
fluentbit:
|
||||
image:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}
|
||||
tag: {{ .Values.images.fluentbit.tag }}
|
||||
inputTail:
|
||||
Tag: "k3s"
|
||||
Path: "/var/log/k3s.log"
|
||||
extraVolumeMounts:
|
||||
- source: "/var/log/"
|
||||
destination: "/var/log"
|
||||
readOnly: true
|
||||
{{- if .Values.global.psp.enabled }}
|
||||
security:
|
||||
podSecurityPolicyCreate: true
|
||||
roleBasedAccessControlCreate: true
|
||||
{{- end }}
|
||||
{{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }}
|
||||
{{- with $total_tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.fluentbit.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
fluentd:
|
||||
image:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }}
|
||||
tag: {{ .Values.images.fluentd.tag }}
|
||||
configReloaderImage:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }}
|
||||
tag: {{ .Values.images.config_reloader.tag }}
|
||||
disablePvc: {{ .Values.disablePvc }}
|
||||
{{- if .Values.global.psp.enabled }}
|
||||
security:
|
||||
podSecurityPolicyCreate: true
|
||||
roleBasedAccessControlCreate: true
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.fluentd.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,65 @@
|
|||
{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd")}}
|
||||
apiVersion: logging.banzaicloud.io/v1beta1
|
||||
kind: Logging
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-k3s
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ include "logging-operator.labels" . | indent 4 }}
|
||||
spec:
|
||||
controlNamespace: {{ .Release.Namespace }}
|
||||
fluentbit:
|
||||
image:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}
|
||||
tag: {{ .Values.images.fluentbit.tag }}
|
||||
inputTail:
|
||||
Tag: "k3s"
|
||||
Path: "/var/log/syslog"
|
||||
extraVolumeMounts:
|
||||
- source: "/var/log/"
|
||||
destination: "/var/log"
|
||||
readOnly: true
|
||||
{{- if .Values.global.psp.enabled }}
|
||||
security:
|
||||
podSecurityPolicyCreate: true
|
||||
roleBasedAccessControlCreate: true
|
||||
{{- end }}
|
||||
{{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }}
|
||||
{{- with $total_tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.fluentbit.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
fluentd:
|
||||
image:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }}
|
||||
tag: {{ .Values.images.fluentd.tag }}
|
||||
configReloaderImage:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }}
|
||||
tag: {{ .Values.images.config_reloader.tag }}
|
||||
disablePvc: {{ .Values.disablePvc }}
|
||||
{{- if .Values.global.psp.enabled }}
|
||||
security:
|
||||
podSecurityPolicyCreate: true
|
||||
roleBasedAccessControlCreate: true
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.fluentd.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,29 @@
|
|||
{{- if .Values.additionalLoggingSources.rke.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-rke
|
||||
labels:
|
||||
{{ include "logging-operator.labels" . | indent 4 }}
|
||||
data:
|
||||
fluent-bit.conf: |
|
||||
[SERVICE]
|
||||
Log_Level {{ .Values.additionalLoggingSources.rke.fluentbit.log_level }}
|
||||
Parsers_File parsers.conf
|
||||
|
||||
[INPUT]
|
||||
Tag rke
|
||||
Name tail
|
||||
Path_Key filename
|
||||
Parser docker
|
||||
DB /tail-db/tail-containers-state.db
|
||||
Mem_Buf_Limit {{ .Values.additionalLoggingSources.rke.fluentbit.mem_buffer_limit }}
|
||||
Path /var/lib/rancher/rke/log/*.log
|
||||
|
||||
[OUTPUT]
|
||||
Name forward
|
||||
Match *
|
||||
Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc
|
||||
Port 24240
|
||||
Retry_Limit False
|
||||
{{- end }}
|
|
@ -0,0 +1,124 @@
|
|||
{{- if .Values.additionalLoggingSources.rke.enabled }}
|
||||
{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }}
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-rke-aggregator"
|
||||
namespace: "{{ .Release.Namespace }}"
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
name: {{ .Release.Name }}-rke-aggregator
|
||||
template:
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-rke-aggregator"
|
||||
namespace: "{{ .Release.Namespace }}"
|
||||
labels:
|
||||
name: {{ .Release.Name }}-rke-aggregator
|
||||
spec:
|
||||
containers:
|
||||
- name: fluentbit
|
||||
image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}"
|
||||
volumeMounts:
|
||||
- mountPath: /var/lib/rancher/rke/log/
|
||||
name: indir
|
||||
- mountPath: {{ $containers }}
|
||||
name: containers
|
||||
- mountPath: /tail-db
|
||||
name: positiondb
|
||||
- mountPath: /fluent-bit/etc/fluent-bit.conf
|
||||
name: config
|
||||
subPath: fluent-bit.conf
|
||||
{{- if .Values.global.seLinux.enabled }}
|
||||
securityContext:
|
||||
seLinuxOptions:
|
||||
type: rke_logreader_t
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: indir
|
||||
hostPath:
|
||||
path: /var/lib/rancher/rke/log/
|
||||
type: DirectoryOrCreate
|
||||
- name: containers
|
||||
hostPath:
|
||||
path: {{ $containers }}
|
||||
type: DirectoryOrCreate
|
||||
- name: positiondb
|
||||
emptyDir: {}
|
||||
- name: config
|
||||
configMap:
|
||||
name: "{{ .Release.Name }}-rke"
|
||||
serviceAccountName: "{{ .Release.Name }}-rke-aggregator"
|
||||
{{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }}
|
||||
{{- with $total_tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-rke-aggregator"
|
||||
namespace: "{{ .Release.Namespace }}"
|
||||
{{- if .Values.global.psp.enabled }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-rke-aggregator"
|
||||
rules:
|
||||
- apiGroups:
|
||||
- policy
|
||||
resourceNames:
|
||||
- "{{ .Release.Name }}-rke-aggregator"
|
||||
resources:
|
||||
- podsecuritypolicies
|
||||
verbs:
|
||||
- use
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-rke-aggregator"
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: "{{ .Release.Name }}-rke-aggregator"
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: "{{ .Release.Name }}-rke-aggregator"
|
||||
---
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-rke-aggregator"
|
||||
namespace: "{{ .Release.Namespace }}"
|
||||
spec:
|
||||
allowPrivilegeEscalation: false
|
||||
allowedHostPaths:
|
||||
- pathPrefix: {{ $containers }}
|
||||
readOnly: false
|
||||
- pathPrefix: /var/lib/rancher/rke/log/
|
||||
readOnly: false
|
||||
- pathPrefix: /var/lib/rancher/logging/
|
||||
readOnly: false
|
||||
fsGroup:
|
||||
rule: RunAsAny
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser:
|
||||
rule: RunAsAny
|
||||
seLinux:
|
||||
rule: RunAsAny
|
||||
supplementalGroups:
|
||||
rule: RunAsAny
|
||||
volumes:
|
||||
- configMap
|
||||
- emptyDir
|
||||
- secret
|
||||
- hostPath
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,21 @@
|
|||
{{- if .Values.additionalLoggingSources.rke2.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-rke2
|
||||
labels:
|
||||
{{ include "logging-operator.labels" . | indent 4 }}
|
||||
data:
|
||||
fluent-bit.conf: |
|
||||
[INPUT]
|
||||
Name systemd
|
||||
Tag rke2
|
||||
Systemd_Filter _SYSTEMD_UNIT=rke2.service
|
||||
|
||||
[OUTPUT]
|
||||
Name forward
|
||||
Match *
|
||||
Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc
|
||||
Port 24240
|
||||
Retry_Limit False
|
||||
{{- end }}
|
|
@ -0,0 +1,93 @@
|
|||
{{- if .Values.additionalLoggingSources.rke2.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-rke2-journald-aggregator"
|
||||
namespace: "{{ .Release.Namespace }}"
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
name: {{ .Release.Name }}-rke2-journald-aggregator
|
||||
template:
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-rke2-journald-aggregator"
|
||||
namespace: "{{ .Release.Namespace }}"
|
||||
labels:
|
||||
name: {{ .Release.Name }}-rke2-journald-aggregator
|
||||
spec:
|
||||
containers:
|
||||
- name: fluentd
|
||||
image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}"
|
||||
volumeMounts:
|
||||
- mountPath: /fluent-bit/etc/
|
||||
name: config
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: "{{ .Release.Name }}-rke2-journald-aggregator"
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: "{{ .Release.Name }}-rke2"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-rke2-journald-aggregator"
|
||||
namespace: "{{ .Release.Namespace }}"
|
||||
{{- if .Values.global.psp.enabled }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-rke2-journald-aggregator"
|
||||
rules:
|
||||
- apiGroups:
|
||||
- policy
|
||||
resourceNames:
|
||||
- "{{ .Release.Name }}-rke2-journald-aggregator"
|
||||
resources:
|
||||
- podsecuritypolicies
|
||||
verbs:
|
||||
- use
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-rke2-journald-aggregator"
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: "{{ .Release.Name }}-rke2-journald-aggregator"
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: "{{ .Release.Name }}-rke2-journald-aggregator"
|
||||
---
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-rke2-journald-aggregator"
|
||||
namespace: "{{ .Release.Namespace }}"
|
||||
spec:
|
||||
allowPrivilegeEscalation: false
|
||||
fsGroup:
|
||||
rule: RunAsAny
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser:
|
||||
rule: RunAsAny
|
||||
seLinux:
|
||||
rule: RunAsAny
|
||||
supplementalGroups:
|
||||
rule: RunAsAny
|
||||
volumes:
|
||||
- configMap
|
||||
- emptyDir
|
||||
- secret
|
||||
- hostPath
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,70 @@
|
|||
{{- if .Values.additionalLoggingSources.rke2.enabled }}
|
||||
apiVersion: logging.banzaicloud.io/v1beta1
|
||||
kind: Logging
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-rke2-containers
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
controlNamespace: {{ .Release.Namespace }}
|
||||
fluentbit:
|
||||
image:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}
|
||||
tag: {{ .Values.images.fluentbit.tag }}
|
||||
inputTail:
|
||||
Tag: "rke2"
|
||||
Path: "/var/log/containers/*rke*.log"
|
||||
extraVolumeMounts:
|
||||
- source: "/var/log/containers/"
|
||||
destination: "/var/log/containers/"
|
||||
readOnly: true
|
||||
{{- if or .Values.global.psp.enabled .Values.global.seLinux.enabled }}
|
||||
security:
|
||||
{{- end }}
|
||||
{{- if or .Values.global.psp.enabled }}
|
||||
podSecurityPolicyCreate: true
|
||||
roleBasedAccessControlCreate: true
|
||||
{{- end }}
|
||||
{{- if .Values.global.seLinux.enabled }}
|
||||
securityContext:
|
||||
seLinuxOptions:
|
||||
type: rke_logreader_t
|
||||
{{- end }}
|
||||
{{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }}
|
||||
{{- with $total_tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.fluentbit.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
fluentd:
|
||||
image:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }}
|
||||
tag: {{ .Values.images.fluentd.tag }}
|
||||
configReloaderImage:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }}
|
||||
tag: {{ .Values.images.config_reloader.tag }}
|
||||
disablePvc: {{ .Values.disablePvc }}
|
||||
{{- if .Values.global.psp.enabled }}
|
||||
security:
|
||||
podSecurityPolicyCreate: true
|
||||
roleBasedAccessControlCreate: true
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.fluentd.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,71 @@
|
|||
{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }}
|
||||
apiVersion: logging.banzaicloud.io/v1beta1
|
||||
kind: Logging
|
||||
metadata:
|
||||
name: {{ .Release.Name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ include "logging-operator.labels" . | indent 4 }}
|
||||
spec:
|
||||
controlNamespace: {{ .Release.Namespace }}
|
||||
fluentbit:
|
||||
image:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}
|
||||
tag: {{ .Values.images.fluentbit.tag }}
|
||||
{{- if or .Values.global.psp.enabled .Values.global.seLinux.enabled }}
|
||||
security:
|
||||
{{- end }}
|
||||
{{- if .Values.global.psp.enabled }}
|
||||
podSecurityPolicyCreate: true
|
||||
roleBasedAccessControlCreate: true
|
||||
{{- end }}
|
||||
{{- if .Values.global.seLinux.enabled }}
|
||||
securityContext:
|
||||
seLinuxOptions:
|
||||
type: rke_logreader_t
|
||||
{{- end }}
|
||||
{{- if .Values.global.dockerRootDirectory }}
|
||||
mountPath: {{ $containers }}
|
||||
extraVolumeMounts:
|
||||
- source: {{ $containers }}
|
||||
destination: {{ $containers }}
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }}
|
||||
{{- with $total_tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.fluentbit.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
fluentd:
|
||||
image:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }}
|
||||
tag: {{ .Values.images.fluentd.tag }}
|
||||
configReloaderImage:
|
||||
repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }}
|
||||
tag: {{ .Values.images.config_reloader.tag }}
|
||||
disablePvc: {{ .Values.disablePvc }}
|
||||
{{- if .Values.global.psp.enabled }}
|
||||
security:
|
||||
podSecurityPolicyCreate: true
|
||||
roleBasedAccessControlCreate: true
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.fluentd.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,33 @@
|
|||
{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: psp.logging-operator
|
||||
namespace: {{ include "logging-operator.namespace" . }}
|
||||
annotations:
|
||||
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default,runtime/default'
|
||||
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
|
||||
labels:
|
||||
{{ include "logging-operator.labels" . | indent 4 }}
|
||||
spec:
|
||||
readOnlyRootFilesystem: true
|
||||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
runAsUser:
|
||||
rule: MustRunAsNonRoot
|
||||
fsGroup:
|
||||
rule: MustRunAs
|
||||
ranges:
|
||||
- min: 1
|
||||
max: 65535
|
||||
supplementalGroups:
|
||||
rule: MustRunAs
|
||||
ranges:
|
||||
- min: 1
|
||||
max: 65535
|
||||
seLinux:
|
||||
rule: RunAsAny
|
||||
volumes:
|
||||
- secret
|
||||
- configMap
|
||||
{{ end }}
|
|
@ -0,0 +1,20 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "logging-operator.fullname" . }}
|
||||
namespace: {{ include "logging-operator.namespace" . }}
|
||||
labels:
|
||||
{{ include "logging-operator.labels" . | indent 4 }}
|
||||
spec:
|
||||
type: ClusterIP
|
||||
{{- with .Values.http.service.clusterIP }}
|
||||
clusterIP: {{ . }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- port: {{ .Values.http.port }}
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
app.kubernetes.io/name: {{ include "logging-operator.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
@ -0,0 +1,30 @@
|
|||
{{ if .Values.monitoring.serviceMonitor.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ include "logging-operator.fullname" . }}
|
||||
namespace: {{ include "logging-operator.namespace" . }}
|
||||
labels:
|
||||
{{ include "logging-operator.labels" . | indent 4 }}
|
||||
{{- with .Values.monitoring.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
{{ include "logging-operator.labels" . | indent 6 }}
|
||||
endpoints:
|
||||
- port: http
|
||||
path: /metrics
|
||||
{{- with .Values.monitoring.serviceMonitor.metricsRelabelings }}
|
||||
metricRelabelings:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.monitoring.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ include "logging-operator.namespace" . }}
|
||||
{{- end }}
|
|
@ -0,0 +1,10 @@
|
|||
{{- if .Values.rbac.enabled }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "logging-operator.fullname" . }}
|
||||
namespace: {{ include "logging-operator.namespace" . }}
|
||||
labels:
|
||||
{{ include "logging-operator.labels" . | indent 4 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,35 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: "logging-admin"
|
||||
labels:
|
||||
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||
rules:
|
||||
- apiGroups:
|
||||
- "logging.banzaicloud.io"
|
||||
resources:
|
||||
- flows
|
||||
- outputs
|
||||
verbs:
|
||||
- "*"
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: "logging-view"
|
||||
labels:
|
||||
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
||||
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||
rules:
|
||||
- apiGroups:
|
||||
- "logging.banzaicloud.io"
|
||||
resources:
|
||||
- flows
|
||||
- outputs
|
||||
- clusterflows
|
||||
- clusteroutputs
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
|
@ -0,0 +1,18 @@
|
|||
#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
|
||||
# {{- $found := dict -}}
|
||||
# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterFlow" false -}}
|
||||
# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterOutput" false -}}
|
||||
# {{- set $found "logging.banzaicloud.io/v1beta1/Flow" false -}}
|
||||
# {{- set $found "logging.banzaicloud.io/v1beta1/Logging" false -}}
|
||||
# {{- set $found "logging.banzaicloud.io/v1beta1/Output" false -}}
|
||||
# {{- range .Capabilities.APIVersions -}}
|
||||
# {{- if hasKey $found (toString .) -}}
|
||||
# {{- set $found (toString .) true -}}
|
||||
# {{- end -}}
|
||||
# {{- end -}}
|
||||
# {{- range $_, $exists := $found -}}
|
||||
# {{- if (eq $exists false) -}}
|
||||
# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
|
||||
# {{- end -}}
|
||||
# {{- end -}}
|
||||
#{{- end -}}
|
|
@ -0,0 +1,5 @@
|
|||
#{{- if .Values.global.dockerRootDirectory }}
|
||||
#{{- if or (hasSuffix "/containers" .Values.global.dockerRootDirectory) (hasSuffix "/" .Values.global.dockerRootDirectory) }}
|
||||
#{{- required "global.dockerRootDirectory must not end with suffix: '/' or '/containers'" "" -}}
|
||||
#{{- end }}
|
||||
#{{- end }}
|
|
@ -0,0 +1,151 @@
|
|||
# Default values for logging-operator.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into your templates.
|
||||
|
||||
replicaCount: 1
|
||||
|
||||
image:
|
||||
repository: rancher/mirrored-banzaicloud-logging-operator
|
||||
tag: 3.9.0
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
imagePullSecrets: []
|
||||
nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
namespaceOverride: ""
|
||||
|
||||
annotations: {}
|
||||
|
||||
## Deploy CRDs used by Logging Operator.
|
||||
##
|
||||
createCustomResource: false
|
||||
|
||||
resources: {}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
# limits:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
# requests:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
|
||||
nodeSelector:
|
||||
kubernetes.io/os: linux
|
||||
|
||||
tolerations:
|
||||
- key: cattle.io/os
|
||||
operator: "Equal"
|
||||
value: "linux"
|
||||
effect: NoSchedule
|
||||
|
||||
affinity: {}
|
||||
|
||||
http:
|
||||
# http listen port number
|
||||
port: 8080
|
||||
# Service definition for query http service
|
||||
service:
|
||||
type: ClusterIP
|
||||
clusterIP: None
|
||||
# Annotations to query http service
|
||||
annotations: {}
|
||||
# Labels to query http service
|
||||
labels: {}
|
||||
|
||||
# These "rbac" settings match the upstream defaults. For only using psp in the overlay files, which
|
||||
# include the default Logging CRs created, see the "global.psp" setting. To enable psp for the entire
|
||||
# chart, enable both "rbac.psp" and "global.psp" (this may require further changes to the chart).
|
||||
rbac:
|
||||
enabled: true
|
||||
psp:
|
||||
enabled: false
|
||||
|
||||
## SecurityContext holds pod-level security attributes and common container settings.
|
||||
## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
##
|
||||
podSecurityContext: {}
|
||||
# runAsNonRoot: true
|
||||
# runAsUser: 1000
|
||||
# fsGroup: 2000
|
||||
securityContext: {}
|
||||
# allowPrivilegeEscalation: false
|
||||
# readOnlyRootFilesystem: true
|
||||
# capabilities:
|
||||
# drop: ["ALL"]
|
||||
|
||||
## Operator priorityClassName
|
||||
##
|
||||
priorityClassName: {}
|
||||
|
||||
monitoring:
|
||||
# Create a Prometheus Operator ServiceMonitor object
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
additionalLabels: {}
|
||||
metricRelabelings: []
|
||||
relabelings: []
|
||||
|
||||
disablePvc: true
|
||||
|
||||
additionalLoggingSources:
|
||||
rke:
|
||||
enabled: false
|
||||
fluentbit:
|
||||
log_level: "info"
|
||||
mem_buffer_limit: "5MB"
|
||||
rke2:
|
||||
enabled: false
|
||||
k3s:
|
||||
enabled: false
|
||||
container_engine: "systemd"
|
||||
aks:
|
||||
enabled: false
|
||||
eks:
|
||||
enabled: false
|
||||
gke:
|
||||
enabled: false
|
||||
|
||||
images:
|
||||
config_reloader:
|
||||
repository: rancher/mirrored-jimmidyson-configmap-reload
|
||||
tag: v0.4.0
|
||||
fluentbit:
|
||||
repository: rancher/mirrored-fluent-fluent-bit
|
||||
tag: 1.6.10
|
||||
fluentbit_debug:
|
||||
repository: rancher/mirrored-fluent-fluent-bit
|
||||
tag: 1.6.10-debug
|
||||
fluentd:
|
||||
repository: rancher/mirrored-banzaicloud-fluentd
|
||||
tag: v1.11.5-alpine-9
|
||||
|
||||
# These "fluentd" and "fluentbit" settings apply to every Logging CR, including vendor Logging CRs
|
||||
# enabled in "additionalLoggingSources". Changing these affects every Logging CR installed.
|
||||
fluentd:
|
||||
resources: {}
|
||||
fluentbit:
|
||||
resources: {}
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/controlplane
|
||||
value: "true"
|
||||
effect: NoSchedule
|
||||
- key: node-role.kubernetes.io/etcd
|
||||
value: "true"
|
||||
effect: NoExecute
|
||||
|
||||
global:
|
||||
cattle:
|
||||
systemDefaultRegistry: ""
|
||||
# Change the "dockerRootDirectory" if the default Docker directory has changed.
|
||||
dockerRootDirectory: ""
|
||||
# This psp setting differs from the upstream "rbac.psp" by only enabling psp settings for the
|
||||
# overlay files, which include the Logging CRs created, whereas the upstream "rbac.psp" affects the
|
||||
# logging operator.
|
||||
psp:
|
||||
enabled: true
|
||||
seLinux:
|
||||
enabled: false
|
38
index.yaml
38
index.yaml
|
@ -2885,6 +2885,30 @@ entries:
|
|||
- released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.23.001.tgz
|
||||
version: 1.23.001
|
||||
rancher-logging:
|
||||
- annotations:
|
||||
catalog.cattle.io/auto-install: rancher-logging-crd=match
|
||||
catalog.cattle.io/certified: rancher
|
||||
catalog.cattle.io/display-name: Logging
|
||||
catalog.cattle.io/namespace: cattle-logging-system
|
||||
catalog.cattle.io/os: linux
|
||||
catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1
|
||||
catalog.cattle.io/release-name: rancher-logging
|
||||
catalog.cattle.io/ui-component: logging
|
||||
apiVersion: v1
|
||||
appVersion: 3.9.0
|
||||
created: "2021-03-15T19:33:50.86544465Z"
|
||||
description: Collects and filter logs using highly configurable CRDs. Powered
|
||||
by Banzai Cloud Logging Operator.
|
||||
digest: 3d9759eb846b9e8891bc40e1fc6b6fa9f6f998fc66f8a6736f0255f685cc64f8
|
||||
icon: https://charts.rancher.io/assets/logos/logging.svg
|
||||
keywords:
|
||||
- logging
|
||||
- monitoring
|
||||
- security
|
||||
name: rancher-logging
|
||||
urls:
|
||||
- assets/rancher-logging/rancher-logging-3.9.002-rc01.tgz
|
||||
version: 3.9.002-rc01
|
||||
- annotations:
|
||||
catalog.cattle.io/auto-install: rancher-logging-crd=match
|
||||
catalog.cattle.io/certified: rancher
|
||||
|
@ -3245,6 +3269,20 @@ entries:
|
|||
- released/assets/rancher-logging/rancher-logging-3.6.000.tgz
|
||||
version: 3.6.000
|
||||
rancher-logging-crd:
|
||||
- annotations:
|
||||
catalog.cattle.io/certified: rancher
|
||||
catalog.cattle.io/hidden: "true"
|
||||
catalog.cattle.io/namespace: cattle-logging-system
|
||||
catalog.cattle.io/release-name: rancher-logging-crd
|
||||
apiVersion: v1
|
||||
created: "2021-03-15T19:33:50.871226689Z"
|
||||
description: Installs the CRDs for rancher-logging.
|
||||
digest: 458d13cf6ad6f90488dc73a6a96744e8a7b32b15cef8d01647b8eb9e848127d7
|
||||
name: rancher-logging-crd
|
||||
type: application
|
||||
urls:
|
||||
- assets/rancher-logging/rancher-logging-crd-3.9.002-rc01.tgz
|
||||
version: 3.9.002-rc01
|
||||
- annotations:
|
||||
catalog.cattle.io/certified: rancher
|
||||
catalog.cattle.io/hidden: "true"
|
||||
|
|
Loading…
Reference in New Issue