Merge pull request #1147 from nickgerace/dev-v2.5-source-32264

Fix Windows optional flag for logging
pull/1158/head
actions 2021-04-23 22:02:03 +00:00
parent 13d5649014
commit c6efefac38
39 changed files with 24853 additions and 54 deletions

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1,10 @@
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: "true"
catalog.cattle.io/namespace: cattle-logging-system
catalog.cattle.io/release-name: rancher-logging-crd
apiVersion: v1
description: Installs the CRDs for rancher-logging.
name: rancher-logging-crd
type: application
version: 3.9.400-rc08

View File

@ -0,0 +1,2 @@
# rancher-logging-crd
A Rancher chart that installs the CRDs used by rancher-logging.

View File

@ -0,0 +1,765 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.4
creationTimestamp: null
name: clusterflows.logging.banzaicloud.io
spec:
additionalPrinterColumns:
- JSONPath: .status.active
description: Is the flow active?
name: Active
type: boolean
- JSONPath: .status.problemsCount
description: Number of problems
name: Problems
type: integer
group: logging.banzaicloud.io
names:
categories:
- logging-all
kind: ClusterFlow
listKind: ClusterFlowList
plural: clusterflows
singular: clusterflow
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
properties:
filters:
items:
properties:
concat:
properties:
continuous_line_regexp:
type: string
flush_interval:
type: integer
keep_partial_key:
type: boolean
keep_partial_metadata:
type: string
key:
type: string
multiline_end_regexp:
type: string
multiline_start_regexp:
type: string
n_lines:
type: integer
partial_key:
type: string
partial_value:
type: string
separator:
type: string
stream_identity_key:
type: string
timeout_label:
type: string
use_first_timestamp:
type: boolean
use_partial_metadata:
type: string
type: object
dedot:
properties:
de_dot_nested:
type: boolean
de_dot_separator:
type: string
type: object
detectExceptions:
properties:
languages:
items:
type: string
type: array
max_bytes:
type: integer
max_lines:
type: integer
message:
type: string
multiline_flush_interval:
type: string
remove_tag_prefix:
type: string
stream:
type: string
type: object
enhanceK8s:
properties:
api_groups:
items:
type: string
type: array
bearer_token_file:
type: string
ca_file:
properties:
mountFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
value:
type: string
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
type: object
cache_refresh:
type: integer
cache_refresh_variation:
type: integer
cache_size:
type: integer
cache_ttl:
type: integer
client_cert:
properties:
mountFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
value:
type: string
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
type: object
client_key:
properties:
mountFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
value:
type: string
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
type: object
core_api_versions:
items:
type: string
type: array
data_type:
type: string
in_namespace_path:
items:
type: string
type: array
in_pod_path:
items:
type: string
type: array
kubernetes_url:
type: string
secret_dir:
type: string
ssl_partial_chain:
type: boolean
verify_ssl:
type: boolean
type: object
geoip:
properties:
backend_library:
type: string
geoip_2_database:
type: string
geoip_database:
type: string
geoip_lookup_keys:
type: string
records:
items:
additionalProperties:
type: string
type: object
type: array
skip_adding_null_record:
type: boolean
type: object
grep:
properties:
and:
items:
properties:
exclude:
items:
properties:
key:
type: string
pattern:
type: string
required:
- key
- pattern
type: object
type: array
regexp:
items:
properties:
key:
type: string
pattern:
type: string
required:
- key
- pattern
type: object
type: array
type: object
type: array
exclude:
items:
properties:
key:
type: string
pattern:
type: string
required:
- key
- pattern
type: object
type: array
or:
items:
properties:
exclude:
items:
properties:
key:
type: string
pattern:
type: string
required:
- key
- pattern
type: object
type: array
regexp:
items:
properties:
key:
type: string
pattern:
type: string
required:
- key
- pattern
type: object
type: array
type: object
type: array
regexp:
items:
properties:
key:
type: string
pattern:
type: string
required:
- key
- pattern
type: object
type: array
type: object
parser:
properties:
emit_invalid_record_to_error:
type: boolean
hash_value_field:
type: string
inject_key_prefix:
type: string
key_name:
type: string
parse:
properties:
delimiter:
type: string
delimiter_pattern:
type: string
estimate_current_event:
type: boolean
expression:
type: string
format:
type: string
format_firstline:
type: string
keep_time_key:
type: boolean
label_delimiter:
type: string
local_time:
type: boolean
multiline:
items:
type: string
type: array
null_empty_string:
type: boolean
null_value_pattern:
type: string
patterns:
items:
properties:
estimate_current_event:
type: boolean
expression:
type: string
format:
type: string
keep_time_key:
type: boolean
local_time:
type: boolean
null_empty_string:
type: boolean
null_value_pattern:
type: string
time_format:
type: string
time_key:
type: string
time_type:
type: string
timezone:
type: string
type:
type: string
types:
type: string
utc:
type: boolean
type: object
type: array
time_format:
type: string
time_key:
type: string
time_type:
type: string
timezone:
type: string
type:
type: string
types:
type: string
utc:
type: boolean
type: object
parsers:
items:
properties:
delimiter:
type: string
delimiter_pattern:
type: string
estimate_current_event:
type: boolean
expression:
type: string
format:
type: string
format_firstline:
type: string
keep_time_key:
type: boolean
label_delimiter:
type: string
local_time:
type: boolean
multiline:
items:
type: string
type: array
null_empty_string:
type: boolean
null_value_pattern:
type: string
patterns:
items:
properties:
estimate_current_event:
type: boolean
expression:
type: string
format:
type: string
keep_time_key:
type: boolean
local_time:
type: boolean
null_empty_string:
type: boolean
null_value_pattern:
type: string
time_format:
type: string
time_key:
type: string
time_type:
type: string
timezone:
type: string
type:
type: string
types:
type: string
utc:
type: boolean
type: object
type: array
time_format:
type: string
time_key:
type: string
time_type:
type: string
timezone:
type: string
type:
type: string
types:
type: string
utc:
type: boolean
type: object
type: array
remove_key_name_field:
type: boolean
replace_invalid_sequence:
type: boolean
reserve_data:
type: boolean
reserve_time:
type: boolean
type: object
prometheus:
properties:
labels:
additionalProperties:
type: string
type: object
metrics:
items:
properties:
buckets:
type: string
desc:
type: string
key:
type: string
labels:
additionalProperties:
type: string
type: object
name:
type: string
type:
type: string
required:
- desc
- name
- type
type: object
type: array
type: object
record_modifier:
properties:
char_encoding:
type: string
prepare_value:
type: string
records:
items:
additionalProperties:
type: string
type: object
type: array
remove_keys:
type: string
replaces:
items:
properties:
expression:
type: string
key:
type: string
replace:
type: string
required:
- expression
- key
- replace
type: object
type: array
whitelist_keys:
type: string
type: object
record_transformer:
properties:
auto_typecast:
type: boolean
enable_ruby:
type: boolean
keep_keys:
type: string
records:
items:
additionalProperties:
type: string
type: object
type: array
remove_keys:
type: string
renew_record:
type: boolean
renew_time_key:
type: string
type: object
stdout:
properties:
output_type:
type: string
type: object
sumologic:
properties:
collector_key_name:
type: string
collector_value:
type: string
exclude_container_regex:
type: string
exclude_facility_regex:
type: string
exclude_host_regex:
type: string
exclude_namespace_regex:
type: string
exclude_pod_regex:
type: string
exclude_priority_regex:
type: string
exclude_unit_regex:
type: string
log_format:
type: string
source_category:
type: string
source_category_key_name:
type: string
source_category_prefix:
type: string
source_category_replace_dash:
type: string
source_host:
type: string
source_host_key_name:
type: string
source_name:
type: string
source_name_key_name:
type: string
tracing_annotation_prefix:
type: string
tracing_container_name:
type: string
tracing_format:
type: boolean
tracing_host:
type: string
tracing_label_prefix:
type: string
tracing_namespace:
type: string
tracing_pod:
type: string
tracing_pod_id:
type: string
type: object
tag_normaliser:
properties:
format:
type: string
type: object
throttle:
properties:
group_bucket_limit:
type: integer
group_bucket_period_s:
type: integer
group_drop_logs:
type: boolean
group_key:
type: string
group_reset_rate_s:
type: integer
group_warning_delay_s:
type: integer
type: object
type: object
type: array
globalOutputRefs:
items:
type: string
type: array
loggingRef:
type: string
match:
items:
properties:
exclude:
properties:
container_names:
items:
type: string
type: array
hosts:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
namespaces:
items:
type: string
type: array
type: object
select:
properties:
container_names:
items:
type: string
type: array
hosts:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
namespaces:
items:
type: string
type: array
type: object
type: object
type: array
outputRefs:
items:
type: string
type: array
selectors:
additionalProperties:
type: string
type: object
type: object
status:
properties:
active:
type: boolean
problems:
items:
type: string
type: array
problemsCount:
type: integer
type: object
type: object
version: v1beta1
versions:
- name: v1beta1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,761 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.4
creationTimestamp: null
name: flows.logging.banzaicloud.io
spec:
additionalPrinterColumns:
- JSONPath: .status.active
description: Is the flow active?
name: Active
type: boolean
- JSONPath: .status.problemsCount
description: Number of problems
name: Problems
type: integer
group: logging.banzaicloud.io
names:
categories:
- logging-all
kind: Flow
listKind: FlowList
plural: flows
singular: flow
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
properties:
filters:
items:
properties:
concat:
properties:
continuous_line_regexp:
type: string
flush_interval:
type: integer
keep_partial_key:
type: boolean
keep_partial_metadata:
type: string
key:
type: string
multiline_end_regexp:
type: string
multiline_start_regexp:
type: string
n_lines:
type: integer
partial_key:
type: string
partial_value:
type: string
separator:
type: string
stream_identity_key:
type: string
timeout_label:
type: string
use_first_timestamp:
type: boolean
use_partial_metadata:
type: string
type: object
dedot:
properties:
de_dot_nested:
type: boolean
de_dot_separator:
type: string
type: object
detectExceptions:
properties:
languages:
items:
type: string
type: array
max_bytes:
type: integer
max_lines:
type: integer
message:
type: string
multiline_flush_interval:
type: string
remove_tag_prefix:
type: string
stream:
type: string
type: object
enhanceK8s:
properties:
api_groups:
items:
type: string
type: array
bearer_token_file:
type: string
ca_file:
properties:
mountFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
value:
type: string
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
type: object
cache_refresh:
type: integer
cache_refresh_variation:
type: integer
cache_size:
type: integer
cache_ttl:
type: integer
client_cert:
properties:
mountFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
value:
type: string
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
type: object
client_key:
properties:
mountFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
value:
type: string
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
type: object
core_api_versions:
items:
type: string
type: array
data_type:
type: string
in_namespace_path:
items:
type: string
type: array
in_pod_path:
items:
type: string
type: array
kubernetes_url:
type: string
secret_dir:
type: string
ssl_partial_chain:
type: boolean
verify_ssl:
type: boolean
type: object
geoip:
properties:
backend_library:
type: string
geoip_2_database:
type: string
geoip_database:
type: string
geoip_lookup_keys:
type: string
records:
items:
additionalProperties:
type: string
type: object
type: array
skip_adding_null_record:
type: boolean
type: object
grep:
properties:
and:
items:
properties:
exclude:
items:
properties:
key:
type: string
pattern:
type: string
required:
- key
- pattern
type: object
type: array
regexp:
items:
properties:
key:
type: string
pattern:
type: string
required:
- key
- pattern
type: object
type: array
type: object
type: array
exclude:
items:
properties:
key:
type: string
pattern:
type: string
required:
- key
- pattern
type: object
type: array
or:
items:
properties:
exclude:
items:
properties:
key:
type: string
pattern:
type: string
required:
- key
- pattern
type: object
type: array
regexp:
items:
properties:
key:
type: string
pattern:
type: string
required:
- key
- pattern
type: object
type: array
type: object
type: array
regexp:
items:
properties:
key:
type: string
pattern:
type: string
required:
- key
- pattern
type: object
type: array
type: object
parser:
properties:
emit_invalid_record_to_error:
type: boolean
hash_value_field:
type: string
inject_key_prefix:
type: string
key_name:
type: string
parse:
properties:
delimiter:
type: string
delimiter_pattern:
type: string
estimate_current_event:
type: boolean
expression:
type: string
format:
type: string
format_firstline:
type: string
keep_time_key:
type: boolean
label_delimiter:
type: string
local_time:
type: boolean
multiline:
items:
type: string
type: array
null_empty_string:
type: boolean
null_value_pattern:
type: string
patterns:
items:
properties:
estimate_current_event:
type: boolean
expression:
type: string
format:
type: string
keep_time_key:
type: boolean
local_time:
type: boolean
null_empty_string:
type: boolean
null_value_pattern:
type: string
time_format:
type: string
time_key:
type: string
time_type:
type: string
timezone:
type: string
type:
type: string
types:
type: string
utc:
type: boolean
type: object
type: array
time_format:
type: string
time_key:
type: string
time_type:
type: string
timezone:
type: string
type:
type: string
types:
type: string
utc:
type: boolean
type: object
parsers:
items:
properties:
delimiter:
type: string
delimiter_pattern:
type: string
estimate_current_event:
type: boolean
expression:
type: string
format:
type: string
format_firstline:
type: string
keep_time_key:
type: boolean
label_delimiter:
type: string
local_time:
type: boolean
multiline:
items:
type: string
type: array
null_empty_string:
type: boolean
null_value_pattern:
type: string
patterns:
items:
properties:
estimate_current_event:
type: boolean
expression:
type: string
format:
type: string
keep_time_key:
type: boolean
local_time:
type: boolean
null_empty_string:
type: boolean
null_value_pattern:
type: string
time_format:
type: string
time_key:
type: string
time_type:
type: string
timezone:
type: string
type:
type: string
types:
type: string
utc:
type: boolean
type: object
type: array
time_format:
type: string
time_key:
type: string
time_type:
type: string
timezone:
type: string
type:
type: string
types:
type: string
utc:
type: boolean
type: object
type: array
remove_key_name_field:
type: boolean
replace_invalid_sequence:
type: boolean
reserve_data:
type: boolean
reserve_time:
type: boolean
type: object
prometheus:
properties:
labels:
additionalProperties:
type: string
type: object
metrics:
items:
properties:
buckets:
type: string
desc:
type: string
key:
type: string
labels:
additionalProperties:
type: string
type: object
name:
type: string
type:
type: string
required:
- desc
- name
- type
type: object
type: array
type: object
record_modifier:
properties:
char_encoding:
type: string
prepare_value:
type: string
records:
items:
additionalProperties:
type: string
type: object
type: array
remove_keys:
type: string
replaces:
items:
properties:
expression:
type: string
key:
type: string
replace:
type: string
required:
- expression
- key
- replace
type: object
type: array
whitelist_keys:
type: string
type: object
record_transformer:
properties:
auto_typecast:
type: boolean
enable_ruby:
type: boolean
keep_keys:
type: string
records:
items:
additionalProperties:
type: string
type: object
type: array
remove_keys:
type: string
renew_record:
type: boolean
renew_time_key:
type: string
type: object
stdout:
properties:
output_type:
type: string
type: object
sumologic:
properties:
collector_key_name:
type: string
collector_value:
type: string
exclude_container_regex:
type: string
exclude_facility_regex:
type: string
exclude_host_regex:
type: string
exclude_namespace_regex:
type: string
exclude_pod_regex:
type: string
exclude_priority_regex:
type: string
exclude_unit_regex:
type: string
log_format:
type: string
source_category:
type: string
source_category_key_name:
type: string
source_category_prefix:
type: string
source_category_replace_dash:
type: string
source_host:
type: string
source_host_key_name:
type: string
source_name:
type: string
source_name_key_name:
type: string
tracing_annotation_prefix:
type: string
tracing_container_name:
type: string
tracing_format:
type: boolean
tracing_host:
type: string
tracing_label_prefix:
type: string
tracing_namespace:
type: string
tracing_pod:
type: string
tracing_pod_id:
type: string
type: object
tag_normaliser:
properties:
format:
type: string
type: object
throttle:
properties:
group_bucket_limit:
type: integer
group_bucket_period_s:
type: integer
group_drop_logs:
type: boolean
group_key:
type: string
group_reset_rate_s:
type: integer
group_warning_delay_s:
type: integer
type: object
type: object
type: array
globalOutputRefs:
items:
type: string
type: array
localOutputRefs:
items:
type: string
type: array
loggingRef:
type: string
match:
items:
properties:
exclude:
properties:
container_names:
items:
type: string
type: array
hosts:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
type: object
select:
properties:
container_names:
items:
type: string
type: array
hosts:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
type: object
type: object
type: array
outputRefs:
items:
type: string
type: array
selectors:
additionalProperties:
type: string
type: object
type: object
status:
properties:
active:
type: boolean
problems:
items:
type: string
type: array
problemsCount:
type: integer
type: object
type: object
version: v1beta1
versions:
- name: v1beta1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View File

@ -0,0 +1,19 @@
annotations:
catalog.cattle.io/auto-install: rancher-logging-crd=match
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Logging
catalog.cattle.io/namespace: cattle-logging-system
catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1
catalog.cattle.io/release-name: rancher-logging
catalog.cattle.io/ui-component: logging
apiVersion: v1
appVersion: 3.9.4
description: Collects and filter logs using highly configurable CRDs. Powered by Banzai
Cloud Logging Operator.
icon: https://charts.rancher.io/assets/logos/logging.svg
keywords:
- logging
- monitoring
- security
name: rancher-logging
version: 3.9.400-rc08

View File

@ -0,0 +1,131 @@
# Logging operator Chart
[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster.
## tl;dr:
```bash
$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com
$ helm repo update
$ helm install banzaicloud-stable/logging-operator
```
## Introduction
This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites
- Kubernetes 1.8+ with Beta APIs enabled
## Installing the Chart
To install the chart with the release name `my-release`:
```bash
$ helm install --name my-release banzaicloud-stable/logging-operator
```
### CRDs
Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time.
The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```bash
$ helm delete my-release
```
The command removes all Kubernetes components associated with the chart and deletes the release.
## Configuration
The following tables lists the configurable parameters of the logging-operator chart and their default values.
| Parameter | Description | Default |
| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ |
| `image.repository` | Container image repository | `ghcr.io/banzaicloud/logging-operator` |
| `image.tag` | Container image tag | `3.9.4` |
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `nameOverride` | Override name of app | `` |
| `fullnameOverride` | Override full name of app | `` |
| `namespaceOverride` | Override namespace of app | `` |
| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` |
| `rbac.enabled` | Create rbac service account and roles | `true` |
| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` |
| `priorityClassName` | Operator priorityClassName | `{}` |
| `affinity` | Node Affinity | `{}` |
| `resources` | CPU/Memory resource requests/limits | `{}` |
| `tolerations` | Node Tolerations | `[]` |
| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` |
| `podLabels` | Define custom labels for logging-operator pods | `{}` |
| `annotations` | Define annotations for logging-operator pods | `{}` |
| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` |
| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` |
| `createCustomResource` | Create CRDs. | `true` |
| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. | `false` |
| `global.seLinux.enabled` | Add seLinuxOptions to Logging resources, requires the [rke2-selinux RPM](https://github.com/rancher/rke2-selinux/releases) | `false` |
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example:
```bash
$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator
```
> **Tip**: You can use the default [values.yaml](values.yaml)
## Installing Fluentd and Fluent-bit via logging
The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart.
## tl;dr:
```bash
$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com
$ helm repo update
$ helm install banzaicloud-stable/logging-operator-logging
```
## Configuration
The following tables lists the configurable parameters of the logging-operator-logging chart and their default values.
## tl;dr:
```bash
$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com
$ helm repo update
$ helm install banzaicloud-stable/logging-operator-logging
```
## Configuration
The following tables lists the configurable parameters of the logging-operator-logging chart and their default values.
| Parameter | Description | Default |
| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ |
| `tls.enabled` | Enabled TLS communication between components | true |
| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. |
| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. |
| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] |
| `fluentbit.enabled` | Install fluent-bit | true |
| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace |
| `fluentbit.image.tag` | Fluentbit container image tag | `1.6.10` |
| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` |
| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` |
| `fluentd.enabled` | Install fluentd | true |
| `fluentd.image.tag` | Fluentd container image tag | `v1.11.5-alpine-12` |
| `fluentd.image.repository` | Fluentd container image repository | `ghcr.io/banzaicloud/fluentd` |
| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` |
| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` |
| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` |
| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` |
| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` |
| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` |
| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` |
| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` |
| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` |
| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` |

View File

@ -0,0 +1,22 @@
# Rancher Logging
This chart is based off of the upstream [Banzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/) chart. The chart deploys a logging operator and CRDs, which allows users to configure complex logging pipelines with a few simple custom resources. There are two levels of logging, which allow you to collect all logs in a cluster or from a single namespace.
For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/logging/v2.5/).
## Namespace-level logging
To collect logs from a single namespace, users create flows and these flows are connected to outputs or cluster outputs.
## Cluster-level logging
To collect logs from an entire cluster, users create cluster flows and cluster outputs.
## CRDs
- [Cluster Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/) - A cluster flow is a CRD (`ClusterFlow`) that defines what logs to collect from the entire cluster. The cluster flow must be deployed in the same namespace as the logging operator.
- [Cluster Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) - A cluster output is a CRD (`ClusterOutput`) that defines how to connect to logging providers so they can start collecting logs. The cluster output must be deployed in the same namespace as the logging operator. The convenience of using a cluster output is that either a cluster flow or flow can send logs to those providers without needing to define specific outputs in each namespace for each flow.
- [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) - A flow is a CRD (`Flow`) that defines what logs to collect from the namespace that it is deployed in.
- [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) - An output is a CRD (`Output`) that defines how to connect to logging providers so logs can be sent to the provider.
For more information on how to configure the Helm chart, refer to the Helm README.

View File

@ -0,0 +1,76 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "logging-operator.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "logging-operator.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Provides the namespace the chart will be installed in using the builtin .Release.Namespace,
or, if provided, a manually overwritten namespace value.
*/}}
{{- define "logging-operator.namespace" -}}
{{- if .Values.namespaceOverride -}}
{{ .Values.namespaceOverride -}}
{{- else -}}
{{ .Release.Namespace }}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "logging-operator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "logging-operator.labels" -}}
app.kubernetes.io/name: {{ include "logging-operator.name" . }}
helm.sh/chart: {{ include "logging-operator.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}
{{- define "windowsEnabled" }}
{{- if not (kindIs "invalid" .Values.global.cattle.windows) }}
{{- if not (kindIs "invalid" .Values.global.cattle.windows.enabled) }}
{{- if .Values.global.cattle.windows.enabled }}
true
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,167 @@
{{- if .Values.rbac.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: {{ template "logging-operator.fullname" . }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- endpoints
- namespaces
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
- pods
- serviceaccounts
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
- events.k8s.io
resources:
- events
verbs:
- create
- get
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
- replicasets
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
- extensions
resources:
- deployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- extensions
- policy
resources:
- podsecuritypolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- use
- watch
- apiGroups:
- logging.banzaicloud.io
resources:
- clusterflows
- clusteroutputs
- flows
- loggings
- outputs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- logging.banzaicloud.io
resources:
- clusterflows/status
- clusteroutputs/status
- flows/status
- loggings/status
- outputs/status
verbs:
- get
- patch
- update
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- rolebindings
- roles
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
{{- end }}

View File

@ -0,0 +1,18 @@
{{- if .Values.rbac.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "logging-operator.fullname" . }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
subjects:
- kind: ServiceAccount
name: {{ template "logging-operator.fullname" . }}
namespace: {{ include "logging-operator.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "logging-operator.fullname" . }}
{{- end }}

View File

@ -0,0 +1,6 @@
{{- if .Values.createCustomResource -}}
{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }}
{{ $.Files.Get $path }}
---
{{- end }}
{{- end }}

View File

@ -0,0 +1,68 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "logging-operator.fullname" . }}
namespace: {{ include "logging-operator.namespace" . }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "logging-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "logging-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- with .Values.podLabels }}
{{ toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.annotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
args: {{ range .Values.extraArgs }}
- {{ . -}}
{{ end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
ports:
- name: http
containerPort: {{ .Values.http.port }}
{{- if .Values.securityContext }}
securityContext: {{ toYaml .Values.securityContext | nindent 12 }}
{{- end }}
{{- if .Values.podSecurityContext }}
securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.rbac.enabled }}
serviceAccountName: {{ include "logging-operator.fullname" . }}
{{- end }}

View File

@ -0,0 +1,58 @@
{{- if .Values.additionalLoggingSources.aks.enabled }}
apiVersion: logging.banzaicloud.io/v1beta1
kind: Logging
metadata:
name: {{ .Release.Name }}-aks
namespace: {{ .Release.Namespace }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
spec:
controlNamespace: {{ .Release.Namespace }}
fluentbit:
image:
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}
tag: {{ .Values.images.fluentbit.tag }}
inputTail:
Tag: "aks"
Path: "/var/log/azure/kubelet-status.log"
{{- if .Values.global.psp.enabled }}
security:
podSecurityPolicyCreate: true
roleBasedAccessControlCreate: true
{{- end }}
{{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }}
{{- with $total_tolerations }}
tolerations: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentbit.resources }}
resources: {{- toYaml . | nindent 6 }}
{{- end }}
fluentd:
image:
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }}
tag: {{ .Values.images.fluentd.tag }}
configReloaderImage:
repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }}
tag: {{ .Values.images.config_reloader.tag }}
disablePvc: {{ .Values.disablePvc }}
{{- if .Values.global.psp.enabled }}
security:
podSecurityPolicyCreate: true
roleBasedAccessControlCreate: true
{{- end }}
{{- with .Values.tolerations }}
tolerations: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.resources }}
resources: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.livenessProbe }}
livenessProbe: {{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,59 @@
{{- if .Values.additionalLoggingSources.eks.enabled }}
apiVersion: logging.banzaicloud.io/v1beta1
kind: Logging
metadata:
name: {{ .Release.Name }}-eks
namespace: {{ .Release.Namespace }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
spec:
controlNamespace: {{ .Release.Namespace }}
fluentbit:
image:
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}
tag: {{ .Values.images.fluentbit.tag }}
inputTail:
Tag: "eks"
Path: "/var/log/messages"
Parser: "syslog"
{{- if .Values.global.psp.enabled }}
security:
podSecurityPolicyCreate: true
roleBasedAccessControlCreate: true
{{- end }}
{{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }}
{{- with $total_tolerations }}
tolerations: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentbit.resources }}
resources: {{- toYaml . | nindent 6 }}
{{- end }}
fluentd:
image:
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }}
tag: {{ .Values.images.fluentd.tag }}
configReloaderImage:
repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }}
tag: {{ .Values.images.config_reloader.tag }}
disablePvc: {{ .Values.disablePvc }}
{{- if .Values.global.psp.enabled }}
security:
podSecurityPolicyCreate: true
roleBasedAccessControlCreate: true
{{- end }}
{{- with .Values.tolerations }}
tolerations: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.resources }}
resources: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.livenessProbe }}
livenessProbe: {{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,58 @@
{{- if .Values.additionalLoggingSources.gke.enabled }}
apiVersion: logging.banzaicloud.io/v1beta1
kind: Logging
metadata:
name: {{ .Release.Name }}-gke
namespace: {{ .Release.Namespace }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
spec:
controlNamespace: {{ .Release.Namespace }}
fluentbit:
image:
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}
tag: {{ .Values.images.fluentbit.tag }}
inputTail:
Tag: "gke"
Path: "/var/log/kube-proxy.log"
{{- if .Values.global.psp.enabled }}
security:
podSecurityPolicyCreate: true
roleBasedAccessControlCreate: true
{{- end }}
{{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }}
{{- with $total_tolerations }}
tolerations: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentbit.resources }}
resources: {{- toYaml . | nindent 6 }}
{{- end }}
fluentd:
image:
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }}
tag: {{ .Values.images.fluentd.tag }}
configReloaderImage:
repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }}
tag: {{ .Values.images.config_reloader.tag }}
disablePvc: {{ .Values.disablePvc }}
{{- if .Values.global.psp.enabled }}
security:
podSecurityPolicyCreate: true
roleBasedAccessControlCreate: true
{{- end }}
{{- with .Values.tolerations }}
tolerations: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.resources }}
resources: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.livenessProbe }}
livenessProbe: {{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,68 @@
{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}}
apiVersion: logging.banzaicloud.io/v1beta1
kind: Logging
metadata:
name: {{ .Release.Name }}-k3s
namespace: {{ .Release.Namespace }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
spec:
controlNamespace: {{ .Release.Namespace }}
fluentbit:
image:
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}
tag: {{ .Values.images.fluentbit.tag }}
inputTail:
Tag: "k3s"
Path: "/var/log/k3s.log"
extraVolumeMounts:
- source: "/var/log/"
destination: "/var/log"
readOnly: true
{{- if .Values.global.psp.enabled }}
security:
podSecurityPolicyCreate: true
roleBasedAccessControlCreate: true
{{- end }}
{{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }}
{{- with $total_tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentbit.resources }}
resources:
{{- toYaml . | nindent 6 }}
{{- end }}
fluentd:
image:
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }}
tag: {{ .Values.images.fluentd.tag }}
configReloaderImage:
repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }}
tag: {{ .Values.images.config_reloader.tag }}
disablePvc: {{ .Values.disablePvc }}
{{- if .Values.global.psp.enabled }}
security:
podSecurityPolicyCreate: true
roleBasedAccessControlCreate: true
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.resources }}
resources:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.livenessProbe }}
livenessProbe: {{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,68 @@
{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd")}}
apiVersion: logging.banzaicloud.io/v1beta1
kind: Logging
metadata:
name: {{ .Release.Name }}-k3s
namespace: {{ .Release.Namespace }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
spec:
controlNamespace: {{ .Release.Namespace }}
fluentbit:
image:
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}
tag: {{ .Values.images.fluentbit.tag }}
inputTail:
Tag: "k3s"
Path: "/var/log/syslog"
extraVolumeMounts:
- source: "/var/log/"
destination: "/var/log"
readOnly: true
{{- if .Values.global.psp.enabled }}
security:
podSecurityPolicyCreate: true
roleBasedAccessControlCreate: true
{{- end }}
{{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }}
{{- with $total_tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentbit.resources }}
resources:
{{- toYaml . | nindent 6 }}
{{- end }}
fluentd:
image:
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }}
tag: {{ .Values.images.fluentd.tag }}
configReloaderImage:
repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }}
tag: {{ .Values.images.config_reloader.tag }}
disablePvc: {{ .Values.disablePvc }}
{{- if .Values.global.psp.enabled }}
security:
podSecurityPolicyCreate: true
roleBasedAccessControlCreate: true
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.resources }}
resources:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.livenessProbe }}
livenessProbe: {{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,29 @@
{{- if .Values.additionalLoggingSources.rke.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-rke
labels:
{{ include "logging-operator.labels" . | indent 4 }}
data:
fluent-bit.conf: |
[SERVICE]
Log_Level {{ .Values.additionalLoggingSources.rke.fluentbit.log_level }}
Parsers_File parsers.conf
[INPUT]
Tag rke
Name tail
Path_Key filename
Parser docker
DB /tail-db/tail-containers-state.db
Mem_Buf_Limit {{ .Values.additionalLoggingSources.rke.fluentbit.mem_buffer_limit }}
Path /var/lib/rancher/rke/log/*.log
[OUTPUT]
Name forward
Match *
Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc
Port 24240
Retry_Limit False
{{- end }}

View File

@ -0,0 +1,124 @@
{{- if .Values.additionalLoggingSources.rke.enabled }}
{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: "{{ .Release.Name }}-rke-aggregator"
namespace: "{{ .Release.Namespace }}"
spec:
selector:
matchLabels:
name: {{ .Release.Name }}-rke-aggregator
template:
metadata:
name: "{{ .Release.Name }}-rke-aggregator"
namespace: "{{ .Release.Namespace }}"
labels:
name: {{ .Release.Name }}-rke-aggregator
spec:
containers:
- name: fluentbit
image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}"
volumeMounts:
- mountPath: /var/lib/rancher/rke/log/
name: indir
- mountPath: {{ $containers }}
name: containers
- mountPath: /tail-db
name: positiondb
- mountPath: /fluent-bit/etc/fluent-bit.conf
name: config
subPath: fluent-bit.conf
{{- if .Values.global.seLinux.enabled }}
securityContext:
seLinuxOptions:
type: rke_logreader_t
{{- end }}
volumes:
- name: indir
hostPath:
path: /var/lib/rancher/rke/log/
type: DirectoryOrCreate
- name: containers
hostPath:
path: {{ $containers }}
type: DirectoryOrCreate
- name: positiondb
emptyDir: {}
- name: config
configMap:
name: "{{ .Release.Name }}-rke"
serviceAccountName: "{{ .Release.Name }}-rke-aggregator"
{{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }}
{{- with $total_tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ .Release.Name }}-rke-aggregator"
namespace: "{{ .Release.Namespace }}"
{{- if .Values.global.psp.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: "{{ .Release.Name }}-rke-aggregator"
rules:
- apiGroups:
- policy
resourceNames:
- "{{ .Release.Name }}-rke-aggregator"
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "{{ .Release.Name }}-rke-aggregator"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "{{ .Release.Name }}-rke-aggregator"
subjects:
- kind: ServiceAccount
name: "{{ .Release.Name }}-rke-aggregator"
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: "{{ .Release.Name }}-rke-aggregator"
namespace: "{{ .Release.Namespace }}"
spec:
allowPrivilegeEscalation: false
allowedHostPaths:
- pathPrefix: {{ $containers }}
readOnly: false
- pathPrefix: /var/lib/rancher/rke/log/
readOnly: false
- pathPrefix: /var/lib/rancher/logging/
readOnly: false
fsGroup:
rule: RunAsAny
readOnlyRootFilesystem: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- configMap
- emptyDir
- secret
- hostPath
{{- end }}
{{- end }}

View File

@ -0,0 +1,22 @@
{{- if .Values.additionalLoggingSources.rke2.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-rke2
labels:
{{ include "logging-operator.labels" . | indent 4 }}
data:
fluent-bit.conf: |
[INPUT]
Name systemd
Tag rke2
Path {{ .Values.systemdLogPath | default "/var/log/journal" }}
Systemd_Filter _SYSTEMD_UNIT=rke2-server.service
[OUTPUT]
Name forward
Match *
Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc
Port 24240
Retry_Limit False
{{- end }}

View File

@ -0,0 +1,110 @@
{{- if .Values.additionalLoggingSources.rke2.enabled }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: "{{ .Release.Name }}-rke2-journald-aggregator"
namespace: "{{ .Release.Namespace }}"
spec:
selector:
matchLabels:
name: {{ .Release.Name }}-rke2-journald-aggregator
template:
metadata:
name: "{{ .Release.Name }}-rke2-journald-aggregator"
namespace: "{{ .Release.Namespace }}"
labels:
name: {{ .Release.Name }}-rke2-journald-aggregator
spec:
containers:
- name: fluentd
image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}"
{{- if .Values.global.seLinux.enabled }}
securityContext:
seLinuxOptions:
type: rke_logreader_t
{{- end }}
volumeMounts:
- mountPath: /fluent-bit/etc/
name: config
- mountPath: {{ .Values.systemdLogPath | default "/var/log/journal" }}
name: journal
readOnly: true
- mountPath: /etc/machine-id
name: machine-id
readOnly: true
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: "{{ .Release.Name }}-rke2-journald-aggregator"
volumes:
- name: config
configMap:
name: "{{ .Release.Name }}-rke2"
- name: journal
hostPath:
path: {{ .Values.systemdLogPath | default "/var/log/journal" }}
- name: machine-id
hostPath:
path: /etc/machine-id
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ .Release.Name }}-rke2-journald-aggregator"
namespace: "{{ .Release.Namespace }}"
{{- if .Values.global.psp.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: "{{ .Release.Name }}-rke2-journald-aggregator"
rules:
- apiGroups:
- policy
resourceNames:
- "{{ .Release.Name }}-rke2-journald-aggregator"
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "{{ .Release.Name }}-rke2-journald-aggregator"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "{{ .Release.Name }}-rke2-journald-aggregator"
subjects:
- kind: ServiceAccount
name: "{{ .Release.Name }}-rke2-journald-aggregator"
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: "{{ .Release.Name }}-rke2-journald-aggregator"
namespace: "{{ .Release.Namespace }}"
spec:
allowPrivilegeEscalation: false
fsGroup:
rule: RunAsAny
readOnlyRootFilesystem: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- configMap
- emptyDir
- secret
- hostPath
{{- end }}
{{- end }}

View File

@ -0,0 +1,73 @@
{{- if .Values.additionalLoggingSources.rke2.enabled }}
apiVersion: logging.banzaicloud.io/v1beta1
kind: Logging
metadata:
name: {{ .Release.Name }}-rke2-containers
namespace: {{ .Release.Namespace }}
spec:
controlNamespace: {{ .Release.Namespace }}
fluentbit:
image:
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}
tag: {{ .Values.images.fluentbit.tag }}
inputTail:
Tag: "rke2"
Path: "/var/log/containers/*rke*.log"
extraVolumeMounts:
- source: "/var/log/containers/"
destination: "/var/log/containers/"
readOnly: true
{{- if or .Values.global.psp.enabled .Values.global.seLinux.enabled }}
security:
{{- end }}
{{- if or .Values.global.psp.enabled }}
podSecurityPolicyCreate: true
roleBasedAccessControlCreate: true
{{- end }}
{{- if .Values.global.seLinux.enabled }}
securityContext:
seLinuxOptions:
type: rke_logreader_t
{{- end }}
{{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }}
{{- with $total_tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentbit.resources }}
resources:
{{- toYaml . | nindent 6 }}
{{- end }}
fluentd:
image:
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }}
tag: {{ .Values.images.fluentd.tag }}
configReloaderImage:
repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }}
tag: {{ .Values.images.config_reloader.tag }}
disablePvc: {{ .Values.disablePvc }}
{{- if .Values.global.psp.enabled }}
security:
podSecurityPolicyCreate: true
roleBasedAccessControlCreate: true
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.resources }}
resources:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.livenessProbe }}
livenessProbe: {{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,111 @@
{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }}
apiVersion: logging.banzaicloud.io/v1beta1
kind: Logging
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
spec:
controlNamespace: {{ .Release.Namespace }}
{{- if (include "windowsEnabled" .) }}
nodeAgents:
- name: win-agent
profile: windows
nodeAgentFluentbit:
daemonSet:
spec:
template:
spec:
containers:
- image: "{{ template "system_default_registry" . }}{{ .Values.images.nodeagent_fluentbit.repository }}:{{ .Values.images.nodeagent_fluentbit.tag }}"
name: fluent-bit
tls:
enabled: {{ .Values.nodeAgents.tls.enabled | default false }}
{{- if .Values.additionalLoggingSources.rke.enabled }}
- name: win-agent-rke
profile: windows
nodeAgentFluentbit:
filterKubernetes:
Kube_Tag_Prefix: "kuberentes.C.var.lib.rancher.rke.log."
inputTail:
Path: "C:\\var\\lib\\rancher\\rke\\log"
extraVolumeMounts:
- source: "/var/lib/rancher/rke/log"
destination: "/var/lib/rancher/rke/log"
readOnly: true
daemonSet:
spec:
template:
spec:
containers:
- image: "{{ template "system_default_registry" . }}{{ .Values.images.nodeagent_fluentbit.repository }}:{{ .Values.images.nodeagent_fluentbit.tag }}"
name: fluent-bit
tls:
enabled: {{ .Values.nodeAgents.tls.enabled | default false }}
{{- end }}
{{- end }}
fluentbit:
image:
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}
tag: {{ .Values.images.fluentbit.tag }}
{{- if or .Values.global.psp.enabled .Values.global.seLinux.enabled }}
security:
{{- end }}
{{- if .Values.global.psp.enabled }}
podSecurityPolicyCreate: true
roleBasedAccessControlCreate: true
{{- end }}
{{- if .Values.global.seLinux.enabled }}
securityContext:
seLinuxOptions:
type: rke_logreader_t
{{- end }}
{{- if .Values.global.dockerRootDirectory }}
mountPath: {{ $containers }}
extraVolumeMounts:
- source: {{ $containers }}
destination: {{ $containers }}
readOnly: true
{{- end }}
{{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }}
{{- with $total_tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentbit.resources }}
resources:
{{- toYaml . | nindent 6 }}
{{- end }}
fluentd:
image:
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }}
tag: {{ .Values.images.fluentd.tag }}
configReloaderImage:
repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }}
tag: {{ .Values.images.config_reloader.tag }}
disablePvc: {{ .Values.disablePvc }}
{{- if .Values.global.psp.enabled }}
security:
podSecurityPolicyCreate: true
roleBasedAccessControlCreate: true
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.resources }}
resources:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.livenessProbe }}
livenessProbe: {{- toYaml . | nindent 6 }}
{{- end }}

View File

@ -0,0 +1,33 @@
{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: psp.logging-operator
namespace: {{ include "logging-operator.namespace" . }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
labels:
{{ include "logging-operator.labels" . | indent 4 }}
spec:
readOnlyRootFilesystem: true
privileged: false
allowPrivilegeEscalation: false
runAsUser:
rule: MustRunAsNonRoot
fsGroup:
rule: MustRunAs
ranges:
- min: 1
max: 65535
supplementalGroups:
rule: MustRunAs
ranges:
- min: 1
max: 65535
seLinux:
rule: RunAsAny
volumes:
- secret
- configMap
{{ end }}

View File

@ -0,0 +1,20 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "logging-operator.fullname" . }}
namespace: {{ include "logging-operator.namespace" . }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
spec:
type: ClusterIP
{{- with .Values.http.service.clusterIP }}
clusterIP: {{ . }}
{{- end }}
ports:
- port: {{ .Values.http.port }}
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: {{ include "logging-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}

View File

@ -0,0 +1,30 @@
{{ if .Values.monitoring.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "logging-operator.fullname" . }}
namespace: {{ include "logging-operator.namespace" . }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
{{- with .Values.monitoring.serviceMonitor.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{ include "logging-operator.labels" . | indent 6 }}
endpoints:
- port: http
path: /metrics
{{- with .Values.monitoring.serviceMonitor.metricsRelabelings }}
metricRelabelings:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.monitoring.serviceMonitor.relabelings }}
relabelings:
{{- toYaml . | nindent 4 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ include "logging-operator.namespace" . }}
{{- end }}

View File

@ -0,0 +1,10 @@
{{- if .Values.rbac.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "logging-operator.fullname" . }}
namespace: {{ include "logging-operator.namespace" . }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
{{- end }}

View File

@ -0,0 +1,35 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "logging-admin"
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups:
- "logging.banzaicloud.io"
resources:
- flows
- outputs
verbs:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "logging-view"
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups:
- "logging.banzaicloud.io"
resources:
- flows
- outputs
- clusterflows
- clusteroutputs
verbs:
- get
- list
- watch

View File

@ -0,0 +1,18 @@
#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
# {{- $found := dict -}}
# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterFlow" false -}}
# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterOutput" false -}}
# {{- set $found "logging.banzaicloud.io/v1beta1/Flow" false -}}
# {{- set $found "logging.banzaicloud.io/v1beta1/Logging" false -}}
# {{- set $found "logging.banzaicloud.io/v1beta1/Output" false -}}
# {{- range .Capabilities.APIVersions -}}
# {{- if hasKey $found (toString .) -}}
# {{- set $found (toString .) true -}}
# {{- end -}}
# {{- end -}}
# {{- range $_, $exists := $found -}}
# {{- if (eq $exists false) -}}
# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
# {{- end -}}
# {{- end -}}
#{{- end -}}

View File

@ -0,0 +1,5 @@
#{{- if .Values.global.dockerRootDirectory }}
#{{- if or (hasSuffix "/containers" .Values.global.dockerRootDirectory) (hasSuffix "/" .Values.global.dockerRootDirectory) }}
#{{- required "global.dockerRootDirectory must not end with suffix: '/' or '/containers'" "" -}}
#{{- end }}
#{{- end }}

View File

@ -0,0 +1,176 @@
# Default values for logging-operator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: rancher/mirrored-banzaicloud-logging-operator
tag: 3.9.4
pullPolicy: IfNotPresent
extraArgs: []
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
namespaceOverride: ""
## Pod custom labels
##
podLabels: {}
annotations: {}
## Deploy CRDs used by Logging Operator.
##
createCustomResource: false
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector:
kubernetes.io/os: linux
tolerations:
- key: cattle.io/os
operator: "Equal"
value: "linux"
effect: NoSchedule
affinity: {}
http:
# http listen port number
port: 8080
# Service definition for query http service
service:
type: ClusterIP
clusterIP: None
# Annotations to query http service
annotations: {}
# Labels to query http service
labels: {}
# These "rbac" settings match the upstream defaults. For only using psp in the overlay files, which
# include the default Logging CRs created, see the "global.psp" setting. To enable psp for the entire
# chart, enable both "rbac.psp" and "global.psp" (this may require further changes to the chart).
rbac:
enabled: true
psp:
enabled: false
## SecurityContext holds pod-level security attributes and common container settings.
## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
podSecurityContext: {}
# runAsNonRoot: true
# runAsUser: 1000
# fsGroup: 2000
securityContext: {}
# allowPrivilegeEscalation: false
# readOnlyRootFilesystem: true
# capabilities:
# drop: ["ALL"]
## Operator priorityClassName
##
priorityClassName: {}
monitoring:
# Create a Prometheus Operator ServiceMonitor object
serviceMonitor:
enabled: false
additionalLabels: {}
metricRelabelings: []
relabelings: []
disablePvc: true
systemdLogPath: "/run/log/journal"
additionalLoggingSources:
rke:
enabled: false
fluentbit:
log_level: "info"
mem_buffer_limit: "5MB"
rke2:
enabled: false
k3s:
enabled: false
container_engine: "systemd"
aks:
enabled: false
eks:
enabled: false
gke:
enabled: false
images:
config_reloader:
repository: rancher/mirrored-jimmidyson-configmap-reload
tag: v0.4.0
fluentbit:
repository: rancher/mirrored-fluent-fluent-bit
tag: 1.6.10
fluentbit_debug:
repository: rancher/mirrored-fluent-fluent-bit
tag: 1.6.10-debug
fluentd:
repository: rancher/mirrored-banzaicloud-fluentd
tag: v1.11.5-alpine-12
nodeagent_fluentbit:
os: "windows,linux"
repository: rancher/fluent-bit
tag: 1.6.10
# These settings apply to every Logging CR, including vendor Logging CRs enabled in "additionalLoggingSources".
# Changing these affects every Logging CR installed.
nodeAgents:
tls:
enabled: false
fluentd:
resources: {}
livenessProbe:
tcpSocket:
port: 24240
initialDelaySeconds: 30
periodSeconds: 15
fluentbit:
resources: {}
tolerations:
- key: node-role.kubernetes.io/controlplane
value: "true"
effect: NoSchedule
- key: node-role.kubernetes.io/etcd
value: "true"
effect: NoExecute
global:
cattle:
systemDefaultRegistry: ""
# Uncomment the below two lines to either enable or disable Windows logging. If this chart is
# installed via the Rancher UI, it will set this value to "true" if the cluster is a Windows
# cluster. In that scenario, if you would like to disable Windows logging on Windows clusters,
# set the value below to "false".
# windows:
# enabled: true
# Change the "dockerRootDirectory" if the default Docker directory has changed.
dockerRootDirectory: ""
# This psp setting differs from the upstream "rbac.psp" by only enabling psp settings for the
# overlay files, which include the Logging CRs created, whereas the upstream "rbac.psp" affects the
# logging operator.
psp:
enabled: true
seLinux:
enabled: false

5202
index.yaml Normal file → Executable file

File diff suppressed because it is too large Load Diff