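{{- /*
RKE2 journald aggregator.

Rendered only when .Values.additionalLoggingSources.rke2.enabled is set:
  - a DaemonSet running the fluent-bit image with the host directory
    /etc/rancher/logging/logs/ and the "<release>-rke2" ConfigMap mounted
  - the ServiceAccount those pods run as

When .Values.global.psp.enabled is also set, it additionally renders a
PodSecurityPolicy plus the Role/RoleBinding that lets the ServiceAccount
"use" that policy.
*/ -}}
{{- if .Values.additionalLoggingSources.rke2.enabled }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: "{{ .Release.Name }}-rke2-journald-aggregator"
  namespace: "{{ .Release.Namespace }}"
spec:
  selector:
    matchLabels:
      # Quoted like every other templated scalar in this file.
      name: "{{ .Release.Name }}-rke2-journald-aggregator"
  template:
    metadata:
      name: "{{ .Release.Name }}-rke2-journald-aggregator"
      namespace: "{{ .Release.Namespace }}"
      labels:
        name: "{{ .Release.Name }}-rke2-journald-aggregator"
    spec:
      containers:
        # NOTE(review): the container is named "fluentd" but runs the
        # fluent-bit image; the name is kept because other tooling may
        # select the container by it.
        - name: fluentd
          image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}"
          # The PodSecurityPolicy below only applies when global.psp.enabled
          # is set, so the privilege-escalation restriction is also stated on
          # the container itself.
          # NOTE(review): the policy additionally requires a read-only root
          # filesystem; consider setting readOnlyRootFilesystem here as well
          # once it is confirmed that the fluent-bit configuration writes
          # only to the mounted volumes.
          securityContext:
            allowPrivilegeEscalation: false
          volumeMounts:
            # Host directory, mounted writable.
            - mountPath: /etc/rancher/logging/logs/
              name: logdir
            - mountPath: /fluent-bit/etc/
              name: config
      {{- with .Values.tolerations }}
      tolerations: {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector: {{- toYaml . | nindent 8 }}
      {{- end }}
      # NOTE(review): nothing in this template grants the ServiceAccount any
      # API access beyond "use" of the PSP; if the fluent-bit configuration
      # does not call the Kubernetes API, the token mount could be disabled
      # (automountServiceAccountToken: false) -- confirm against the
      # ConfigMap before changing.
      serviceAccountName: "{{ .Release.Name }}-rke2-journald-aggregator"
      volumes:
        - name: logdir
          hostPath:
            path: /etc/rancher/logging/logs/
        - name: config
          configMap:
            name: "{{ .Release.Name }}-rke2"
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: "{{ .Release.Name }}-rke2-journald-aggregator"
  namespace: "{{ .Release.Namespace }}"
{{- if .Values.global.psp.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: "{{ .Release.Name }}-rke2-journald-aggregator"
  # Explicit namespace, matching the DaemonSet and ServiceAccount, so the
  # manifest does not depend on the namespace of whatever applies it.
  namespace: "{{ .Release.Namespace }}"
rules:
  # Grants "use" on exactly one named policy and nothing else.
  - apiGroups:
      - policy
    resourceNames:
      - "{{ .Release.Name }}-rke2-journald-aggregator"
    resources:
      - podsecuritypolicies
    verbs:
      - use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: "{{ .Release.Name }}-rke2-journald-aggregator"
  namespace: "{{ .Release.Namespace }}"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: "{{ .Release.Name }}-rke2-journald-aggregator"
subjects:
  - kind: ServiceAccount
    name: "{{ .Release.Name }}-rke2-journald-aggregator"
    # Stated explicitly instead of relying on the binding's own namespace
    # as the default for ServiceAccount subjects.
    namespace: "{{ .Release.Namespace }}"
---
# policy/v1beta1 PodSecurityPolicy was removed in Kubernetes 1.25;
# global.psp.enabled must stay off on clusters at or above that version.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  # PodSecurityPolicy is cluster-scoped: it takes no metadata.namespace and
  # this name has to be unique across the cluster.
  name: "{{ .Release.Name }}-rke2-journald-aggregator"
spec:
  allowPrivilegeEscalation: false
  # hostPath volumes are limited to the aggregator log directory; the path
  # is writable from the pod.
  allowedHostPaths:
    - pathPrefix: /etc/rancher/logging/logs
      readOnly: false
  fsGroup:
    rule: RunAsAny
  readOnlyRootFilesystem: true
  # RunAsAny places no restriction on the UID, so root is permitted.
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  # NOTE(review): the pod spec above mounts only a configMap and a hostPath
  # volume; emptyDir is not used by it, and secret is presumably kept for
  # the service-account token volume -- confirm before narrowing this list.
  volumes:
    - configMap
    - emptyDir
    - secret
    - hostPath
{{- end }}
{{- end }}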