# use this for backwards compatibility
# fullnameOverride: ""
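# Elasticsearch and Kibana versions have to match, so the version is defined
# once at the top level.
version: 7.8.1

# Empty by default. Supply the real value through a deploy-time override or a
# secret store rather than committing it to this file.
# NOTE(review): what the chart does when this is left empty is not visible
# here — confirm against the templates.
elastic_password: ""  # super_secret_elastic_password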
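es:
  # Empty list by default; the commented entry below shows the expected shape.
  # NOTE(review): the nesting of the example was lost in this listing; `zone`
  # is assumed to sit at the entry level — confirm.
  nodeSets: []
  #- count: 2
  #  storage:
  #    size: 16Gi
  #    class: local-sc-xfs
  #  zone: us-west-2a

  s3Snapshot:
    enabled: false
    # Presumably the IAM role used for S3 snapshots (see the placeholder);
    # scope that role to the snapshot bucket only.
    iamrole: ""  # INSERT_CLOUDFORMATION_OUTPUT_ElasticSearchSnapshots

  # NOTE(review): placed under `es`; the original indentation was lost in
  # this listing — confirm against the chart templates.
  prometheus: false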
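kibana:
  count: 1
  #servicename: kibana.example.com

  # Off by default. The gateway is referenced as "<namespace>/<name>".
  # NOTE(review): enabling this presumably publishes Kibana at `url` through
  # that gateway — confirm who can reach the gateway before turning it on.
  istio:
    enabled: false
    gateway: "istio-system/ingressgateway"
    url: ""  # kibana.example.com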
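fluentd:
  enabled: false

  image:
    repository: quay.io/fluentd_elasticsearch/fluentd
    # Referenced by tag, not by digest, so the content behind it can change.
    tag: v3.0.4

  istio:
    enabled: false

  # broken as of 2.5.1 ;-(
  # useStatefulSet: true
  replicaCount: 2

  plugins:
    enabled: false
    pluginsList:
      #- fluent-plugin-detect-exceptions
      #- fluent-plugin-s3
      #- fluent-plugin-grok-parser

  #persistence:
  #  enabled: true
  #  storageClass: "ebs-sc-gp2-xfs"
  #  accessMode: ReadWriteOnce
  #  size: 4Gi

  service:
    ports:
      # 24224 is the port the forward input in forward-input.conf listens on.
      - name: tcp-forward
        protocol: TCP
        containerPort: 24224
      - name: http-fluentd
        protocol: TCP
        containerPort: 9880

  metrics:
    enabled: false
    serviceMonitor:
      enabled: true
      additionalLabels:
        release: metrics
      namespace: monitoring

  output:
    host: logging-es-http

  # Static default that is readable by anyone who has this chart. Override it
  # per deployment and keep it identical to the `Shared_Key` in the fluent-bit
  # forward output, otherwise the forward handshake fails.
  # NOTE(review): placed under `fluentd`, not `output` — the nesting was lost
  # in this listing. Presumably the chart renders it into the
  # logging-fluentd-secret referenced in extraEnvVars — confirm.
  shared_key: "cloudbender"

  env:
    # `elastic` is the built-in Elasticsearch superuser; a dedicated user that
    # can only write the log indices would limit what a leaked credential
    # allows.
    OUTPUT_USER: elastic
    # Read into `ssl_verify` in output.conf. With "false" the Elasticsearch
    # certificate is not validated, so OUTPUT_USER / OUTPUT_PASSWORD are sent
    # to an unauthenticated peer. To turn verification on, mount the
    # Elasticsearch CA and reference it with the plugin's `ca_file` option.
    OUTPUT_SSL_VERIFY: "false"

  # Both secrets are injected from Kubernetes Secrets, not stored as literals.
  extraEnvVars:
    - name: OUTPUT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: logging-es-elastic-user
          key: elastic
    - name: FLUENTD_SHARED_KEY
      valueFrom:
        secretKeyRef:
          name: logging-fluentd-secret
          key: shared_key

  extraVolumes:
    - name: fluentd-certs
      secret:
        secretName: fluentd-certificate

  # Mounted read-only; holds the tls.crt / tls.key used by the forward input.
  extraVolumeMounts:
    - name: fluentd-certs
      mountPath: /mnt/fluentd-certs
      readOnly: true

  configMaps:
    # Forward input on all interfaces (bind 0.0.0.0), TLS with the mounted
    # certificate. No `client_cert_auth` is set, so the shared key in
    # <security> is the only thing that authenticates a sender.
    # `skip_invalid_event true` skips malformed events instead of rejecting
    # the whole chunk.
    forward-input.conf: |
      <source>
        @type forward
        port 24224
        bind 0.0.0.0
        skip_invalid_event true
        <transport tls>
          cert_path /mnt/fluentd-certs/tls.crt
          private_key_path /mnt/fluentd-certs/tls.key
        </transport>
        <security>
          self_hostname "#{ENV['HOSTNAME']}"
          shared_key "#{ENV['FLUENTD_SHARED_KEY']}"
        </security>
      </source>
    # Sends every tag (`<match **>`) to Elasticsearch through the `fluentd`
    # ingest pipeline. Connection settings and credentials come from the
    # OUTPUT_* environment variables.
    # Buffering: file buffer, flushed every 5s, retries with exponential
    # backoff for up to 60m. `overflow_action drop_oldest_chunk` discards the
    # oldest buffered chunks once the queue is full, so a long Elasticsearch
    # outage or a log flood loses events without failing the sender. Monitor
    # buffer metrics if these logs feed detection or audit.
    output.conf: |
      <match **>
        @id elasticsearch
        @type elasticsearch
        @log_level info
        include_tag_key true
        id_key id
        remove_keys id
        # KubeZero pipeline incl. GeoIP etc.
        pipeline fluentd
        host "#{ENV['OUTPUT_HOST']}"
        port "#{ENV['OUTPUT_PORT']}"
        scheme "#{ENV['OUTPUT_SCHEME']}"
        ssl_version "#{ENV['OUTPUT_SSL_VERSION']}"
        ssl_verify "#{ENV['OUTPUT_SSL_VERIFY']}"
        user "#{ENV['OUTPUT_USER']}"
        password "#{ENV['OUTPUT_PASSWORD']}"
        logstash_format true
        reload_connections false
        reconnect_on_error true
        reload_on_failure true
        request_timeout 30s
        suppress_type_name true
        <buffer>
          @type file
          path /var/log/fluentd-buffers/kubernetes.system.buffer
          flush_mode interval
          flush_thread_count 2
          flush_interval 5s
          flush_at_shutdown true
          retry_type exponential_backoff
          retry_timeout 60m
          retry_max_interval 30
          chunk_limit_size "#{ENV['OUTPUT_BUFFER_CHUNK_LIMIT']}"
          queue_limit_length "#{ENV['OUTPUT_BUFFER_QUEUE_LIMIT']}"
          overflow_action drop_oldest_chunk
        </buffer>
      </match>
    # Disabled example: grok parsing of auth log lines (SSH logins, sudo,
    # user and group creation) into system.auth.* fields. It needs
    # fluent-plugin-grok-parser, which is commented out in pluginsList above.
    # filter.conf: |
    #   <filter auth system.auth>
    #     @type parser
    #     key_name message
    #     reserve_data true
    #     reserve_time true
    #     <parse>
    #       @type grok
    #
    #       # SSH
    #       <grok>
    #         pattern %{DATA:system.auth.ssh.event} %{DATA:system.auth.ssh.method} for (invalid user )?%{DATA:system.auth.user} from %{IPORHOST:system.auth.ip} port %{NUMBER:system.auth.port} ssh2(: %{GREEDYDATA:system.auth.ssh.signature})?
    #       </grok>
    #       <grok>
    #         pattern %{DATA:system.auth.ssh.event} user %{DATA:system.auth.user} from %{IPORHOST:system.auth.ip}
    #       </grok>
    #
    #       # sudo
    #       <grok>
    #         pattern \s*%{DATA:system.auth.user} :( %{DATA:system.auth.sudo.error} ;)? TTY=%{DATA:system.auth.sudo.tty} ; PWD=%{DATA:system.auth.sudo.pwd} ; USER=%{DATA:system.auth.sudo.user} ; COMMAND=%{GREEDYDATA:system.auth.sudo.command}
    #       </grok>
    #
    #       # Users
    #       <grok>
    #         pattern new group: name=%{DATA:system.auth.groupadd.name}, GID=%{NUMBER:system.auth.groupadd.gid}
    #       </grok>
    #       <grok>
    #         pattern new user: name=%{DATA:system.auth.useradd.name}, UID=%{NUMBER:system.auth.useradd.uid}, GID=%{NUMBER:system.auth.useradd.gid}, home=%{DATA:system.auth.useradd.home}, shell=%{DATA:system.auth.useradd.shell}$
    #       </grok>
    #
    #       <grok>
    #         pattern %{GREEDYDATA:message}
    #       </grok>
    #     </parse>
    #   </filter>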
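fluent-bit:
  enabled: false
  test:
    enabled: false

  config:
    # Forwards every record (`Match *`) to logging-fluentd:24224 over TLS.
    # `tls.verify off` means the aggregator's certificate is not validated, so
    # the collector cannot tell the real aggregator from an impostor. To
    # verify, mount the issuing CA and set `tls.ca_file`.
    # `Shared_Key` is a literal here and equals the fluentd `shared_key`
    # default in this file; override both together.
    outputs: |
      [OUTPUT]
          Match *
          Name forward
          Host logging-fluentd
          Port 24224
          tls on
          tls.verify off
          Shared_Key cloudbender
    # Tails all container logs with the `cri` parser and tags them kube.*.
    # File offsets are tracked in /var/log/flb_kube.db. `Skip_Long_Lines On`
    # skips lines that exceed the buffer instead of stalling the file, so
    # oversized log lines never reach the pipeline.
    inputs: |
      [INPUT]
          Name tail
          Path /var/log/containers/*.log
          Parser cri
          Tag kube.*
          Mem_Buf_Limit 5MB
          Skip_Long_Lines On
          Refresh_Interval 10
          DB /var/log/flb_kube.db
          DB.Sync Normal
    # 1) kubernetes filter: adds pod metadata; `K8S-Logging.Parser` and
    #    `K8S-Logging.Exclude` are On, so pod annotations can select a parser
    #    or exclude a pod's logs from collection.
    # 2) lua filter: runs `dedot` from functions.lua on every kube.* record.
    filters: |
      [FILTER]
          Name kubernetes
          Match kube.*
          Merge_Log On
          Keep_Log Off
          K8S-Logging.Parser On
          K8S-Logging.Exclude On
      [FILTER]
          Name lua
          Match kube.*
          script /fluent-bit/etc/functions.lua
          call dedot
    # The built-in HTTP server listens on all interfaces, port 2020.
    # NOTE(review): presumably the endpoint the serviceMonitor below scrapes —
    # confirm, and restrict access to it with a NetworkPolicy if so.
    service: |
      [SERVICE]
          Flush 5
          Daemon Off
          Log_Level warn
          Parsers_File parsers.conf
          Parsers_File custom_parsers.conf
          HTTP_Server On
          HTTP_Listen 0.0.0.0
          HTTP_Port 2020
    # dedot(): replaces "." with "_" in the keys of the record's kubernetes
    # annotations and labels. Records without a "kubernetes" field are
    # returned with code 0; all others with code 1 and the modified record.
    # A rewritten key overwrites an existing key of the same name.
    # NOTE(review): placed under `config`; the nesting was lost in this
    # listing — confirm against the chart.
    lua: |
      function dedot(tag, timestamp, record)
        if record["kubernetes"] == nil then
          return 0, 0, 0
        end
        dedot_keys(record["kubernetes"]["annotations"])
        dedot_keys(record["kubernetes"]["labels"])
        return 1, timestamp, record
      end
      function dedot_keys(map)
        if map == nil then
          return
        end
        local new_map = {}
        local changed_keys = {}
        for k, v in pairs(map) do
          local dedotted = string.gsub(k, "%.", "_")
          if dedotted ~= k then
            new_map[dedotted] = v
            changed_keys[k] = true
          end
        end
        for k in pairs(changed_keys) do
          map[k] = nil
        end
        for k, v in pairs(new_map) do
          map[k] = v
        end
      end

  serviceMonitor:
    enabled: true
    namespace: monitoring
    selector:
      release: metrics

  # Tolerates the master NoSchedule taint, so the collector can also be
  # scheduled on control-plane nodes.
  tolerations:
    - key: node-role.kubernetes.io/master
      effect: NoSchedule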