Version bump logging module for 1.26

Stefan Reimer 2023-08-23 12:20:50 +00:00
parent ee99a3bbde
commit 7081bf1144
50 changed files with 4247 additions and 1426 deletions

View File

@ -21,3 +21,4 @@
.idea/ .idea/
*.tmproj *.tmproj
.vscode/ .vscode/
templates/tests

View File

@ -1,9 +1,10 @@
apiVersion: v2 apiVersion: v2
appVersion: 2.4.0 appVersion: 2.9.0
description: 'A Helm chart for deploying the Elastic Cloud on Kubernetes (ECK) operator: the official Kubernetes operator for orchestrating Elasticsearch, Kibana, APM Server, Enterprise Search, and Beats.' description: Elastic Cloud on Kubernetes (ECK) operator
home: https://github.com/elastic/cloud-on-k8s home: https://github.com/elastic/cloud-on-k8s
icon: https://helm.elastic.co/icons/eck.png icon: https://helm.elastic.co/icons/eck.png
keywords: keywords:
- Logstash
- Elasticsearch - Elasticsearch
- Kibana - Kibana
- APM Server - APM Server
@ -11,10 +12,10 @@ keywords:
- Enterprise Search - Enterprise Search
- Elastic Stack - Elastic Stack
- Operator - Operator
kubeVersion: '>=1.12.0-0' kubeVersion: '>=1.21.0-0'
maintainers: maintainers:
- email: eck@elastic.co - email: eck@elastic.co
name: Elastic name: Elastic
name: eck-operator name: eck-operator
type: application type: application
version: 2.4.0 version: 2.9.0
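Review bot: the kubeVersion floor in this hunk moves from '>=1.12.0-0' to '>=1.21.0-0' and the operator chart goes from 2.4.0 to 2.9.0, but the commit subject ("Version bump logging module for 1.26") does not say either. Suggest listing the component versions and the new minimum Kubernetes version in the commit body, so that an install refused on an older cluster can be traced back to this change.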

View File

@ -0,0 +1,93 @@
Elastic License 2.0
URL: https://www.elastic.co/licensing/elastic-license
## Acceptance
By using the software, you agree to all of the terms and conditions below.
## Copyright License
The licensor grants you a non-exclusive, royalty-free, worldwide,
non-sublicensable, non-transferable license to use, copy, distribute, make
available, and prepare derivative works of the software, in each case subject to
the limitations and conditions below.
## Limitations
You may not provide the software to third parties as a hosted or managed
service, where the service provides users with access to any substantial set of
the features or functionality of the software.
You may not move, change, disable, or circumvent the license key functionality
in the software, and you may not remove or obscure any functionality in the
software that is protected by the license key.
You may not alter, remove, or obscure any licensing, copyright, or other notices
of the licensor in the software. Any use of the licensors trademarks is subject
to applicable law.
## Patents
The licensor grants you a license, under any patent claims the licensor can
license, or becomes able to license, to make, have made, use, sell, offer for
sale, import and have imported the software, in each case subject to the
limitations and conditions in this license. This license does not cover any
patent claims that you cause to be infringed by modifications or additions to
the software. If you or your company make any written claim that the software
infringes or contributes to infringement of any patent, your patent license for
the software granted under these terms ends immediately. If your company makes
such a claim, your patent license ends immediately for work on behalf of your
company.
## Notices
You must ensure that anyone who gets a copy of any part of the software from you
also gets a copy of these terms.
If you modify the software, you must include in any modified copies of the
software prominent notices stating that you have modified the software.
## No Other Rights
These terms do not imply any licenses other than those expressly granted in
these terms.
## Termination
If you use the software in violation of these terms, such use is not licensed,
and your licenses will automatically terminate. If the licensor provides you
with a notice of your violation, and you cease all violation of this license no
later than 30 days after you receive that notice, your licenses will be
reinstated retroactively. However, if you violate these terms after such
reinstatement, any additional violation of these terms will cause your licenses
to terminate automatically and permanently.
## No Liability
*As far as the law allows, the software comes as is, without any warranty or
condition, and the licensor will not be liable to you for any damages arising
out of these terms or the use or nature of the software, under any kind of
legal claim.*
## Definitions
The **licensor** is the entity offering these terms, and the **software** is the
software the licensor makes available under these terms, including any portion
of it.
**you** refers to the individual or entity agreeing to these terms.
**your company** is any legal entity, sole proprietorship, or other kind of
organization that you work for, plus all organizations that have control over,
are under the control of, or are under common control with that
organization. **control** means ownership of substantially all the assets of an
entity, or the power to direct its management and policies by vote, contract, or
otherwise. Control can be direct or indirect.
**your licenses** are all the licenses granted to you for the software under
these terms.
**use** means anything you do with the software requiring one of your licenses.
**trademark** means trademarks, service marks, and similar rights.

File diff suppressed because it is too large Load Diff

View File

@ -206,6 +206,19 @@ updating docs/operating-eck/eck-permissions.asciidoc file.
- create - create
- update - update
- patch - patch
- apiGroups:
- autoscaling.k8s.elastic.co
resources:
- elasticsearchautoscalers
- elasticsearchautoscalers/status
- elasticsearchautoscalers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
verbs:
- get
- list
- watch
- create
- update
- patch
- apiGroups: - apiGroups:
- kibana.k8s.elastic.co - kibana.k8s.elastic.co
resources: resources:
@ -284,6 +297,32 @@ updating docs/operating-eck/eck-permissions.asciidoc file.
- create - create
- update - update
- patch - patch
- apiGroups:
- stackconfigpolicy.k8s.elastic.co
resources:
- stackconfigpolicies
- stackconfigpolicies/status
- stackconfigpolicies/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
verbs:
- get
- list
- watch
- create
- update
- patch
- apiGroups:
- logstash.k8s.elastic.co
resources:
- logstashes
- logstashes/status
- logstashes/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
verbs:
- get
- list
- watch
- create
- update
- patch
{{- end -}} {{- end -}}
{{/* {{/*
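Review bot: the added rules give the operator create/update/patch on three new API groups (autoscaling.k8s.elastic.co, stackconfigpolicy.k8s.elastic.co, logstash.k8s.elastic.co), including their /status and /finalizers subresources, and nothing in the commit message records that the operator's permissions widen. Suggest calling the RBAC expansion out in the commit body and confirming that the matching CRDs ship in the same upgrade, since the large diff on this page is suppressed and cannot be checked here.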

View File

@ -26,6 +26,9 @@ rules:
- apiGroups: ["elasticsearch.k8s.elastic.co"] - apiGroups: ["elasticsearch.k8s.elastic.co"]
resources: ["elasticsearches"] resources: ["elasticsearches"]
verbs: ["get", "list", "watch"] verbs: ["get", "list", "watch"]
- apiGroups: ["autoscaling.k8s.elastic.co"]
resources: ["elasticsearchautoscalers"]
verbs: ["get", "list", "watch"]
- apiGroups: ["apm.k8s.elastic.co"] - apiGroups: ["apm.k8s.elastic.co"]
resources: ["apmservers"] resources: ["apmservers"]
verbs: ["get", "list", "watch"] verbs: ["get", "list", "watch"]
@ -44,6 +47,12 @@ rules:
- apiGroups: ["maps.k8s.elastic.co"] - apiGroups: ["maps.k8s.elastic.co"]
resources: ["elasticmapsservers"] resources: ["elasticmapsservers"]
verbs: ["get", "list", "watch"] verbs: ["get", "list", "watch"]
- apiGroups: ["stackconfigpolicy.k8s.elastic.co"]
resources: ["stackconfigpolicies"]
verbs: ["get", "list", "watch"]
- apiGroups: ["logstash.k8s.elastic.co"]
resources: ["logstashes"]
verbs: ["get", "list", "watch"]
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
@ -57,6 +66,9 @@ rules:
- apiGroups: ["elasticsearch.k8s.elastic.co"] - apiGroups: ["elasticsearch.k8s.elastic.co"]
resources: ["elasticsearches"] resources: ["elasticsearches"]
verbs: ["create", "delete", "deletecollection", "patch", "update"] verbs: ["create", "delete", "deletecollection", "patch", "update"]
- apiGroups: ["autoscaling.k8s.elastic.co"]
resources: ["elasticsearchautoscalers"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
- apiGroups: ["apm.k8s.elastic.co"] - apiGroups: ["apm.k8s.elastic.co"]
resources: ["apmservers"] resources: ["apmservers"]
verbs: ["create", "delete", "deletecollection", "patch", "update"] verbs: ["create", "delete", "deletecollection", "patch", "update"]
@ -75,4 +87,10 @@ rules:
- apiGroups: ["maps.k8s.elastic.co"] - apiGroups: ["maps.k8s.elastic.co"]
resources: ["elasticmapsservers"] resources: ["elasticmapsservers"]
verbs: ["create", "delete", "deletecollection", "patch", "update"] verbs: ["create", "delete", "deletecollection", "patch", "update"]
- apiGroups: ["stackconfigpolicy.k8s.elastic.co"]
resources: ["stackconfigpolicies"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
- apiGroups: ["logstash.k8s.elastic.co"]
resources: ["logstashes"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
{{- end -}} {{- end -}}

View File

@ -11,21 +11,33 @@ data:
log-verbosity: {{ int .Values.config.logVerbosity }} log-verbosity: {{ int .Values.config.logVerbosity }}
metrics-port: {{ int .Values.config.metricsPort }} metrics-port: {{ int .Values.config.metricsPort }}
container-registry: {{ .Values.config.containerRegistry }} container-registry: {{ .Values.config.containerRegistry }}
{{- with .Values.config.containerSuffix }}
container-suffix: {{ . }}
{{- end }}
{{- with .Values.config.containerRepository }}
container-repository: {{ . }}
{{- end }}
max-concurrent-reconciles: {{ int .Values.config.maxConcurrentReconciles }} max-concurrent-reconciles: {{ int .Values.config.maxConcurrentReconciles }}
{{- with .Values.config.passwordHashCacheSize }}
password-hash-cache-size: {{ int . }}
{{- end }}
ca-cert-validity: {{ .Values.config.caValidity }} ca-cert-validity: {{ .Values.config.caValidity }}
ca-cert-rotate-before: {{ .Values.config.caRotateBefore }} ca-cert-rotate-before: {{ .Values.config.caRotateBefore }}
cert-validity: {{ .Values.config.certificatesValidity }} cert-validity: {{ .Values.config.certificatesValidity }}
cert-rotate-before: {{ .Values.config.certificatesRotateBefore }} cert-rotate-before: {{ .Values.config.certificatesRotateBefore }}
{{- if .Values.config.exposedNodeLabels }} {{- with .Values.config.exposedNodeLabels }}
exposed-node-labels: [{{ join "," .Values.config.exposedNodeLabels }}] exposed-node-labels: [{{ join "," . }}]
{{- end }} {{- end }}
set-default-security-context: {{ .Values.config.setDefaultSecurityContext }} set-default-security-context: {{ .Values.config.setDefaultSecurityContext }}
kube-client-timeout: {{ .Values.config.kubeClientTimeout }} kube-client-timeout: {{ .Values.config.kubeClientTimeout }}
{{- with .Values.config.kubeClientQPS }}
kube-client-qps: {{ int . }}
{{- end }}
elasticsearch-client-timeout: {{ .Values.config.elasticsearchClientTimeout }} elasticsearch-client-timeout: {{ .Values.config.elasticsearchClientTimeout }}
disable-telemetry: {{ .Values.telemetry.disabled }} disable-telemetry: {{ .Values.telemetry.disabled }}
distribution-channel: {{ .Values.telemetry.distributionChannel }} distribution-channel: {{ .Values.telemetry.distributionChannel }}
{{- if .Values.telemetry.interval }} {{- with .Values.telemetry.interval }}
telemetry-interval: {{ .Values.telemetry.interval }} telemetry-interval: {{ . }}
{{- end }} {{- end }}
validate-storage-class: {{ .Values.config.validateStorageClass }} validate-storage-class: {{ .Values.config.validateStorageClass }}
{{- if .Values.tracing.enabled }} {{- if .Values.tracing.enabled }}
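Review bot: the new `with` guards around passwordHashCacheSize and kubeClientQPS treat 0 as empty, so an explicit 0 in values is dropped and the operator falls back to its built-in default without any warning. If 0 is a meaningful setting for either key, guard on key presence instead (for example `hasKey .Values.config "kubeClientQPS"`); if it is not, say so in the values.yaml comment. The `if` to `with` conversions of exposedNodeLabels and telemetry.interval keep the previous behaviour.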
@ -41,8 +53,10 @@ data:
manage-webhook-certs: false manage-webhook-certs: false
webhook-cert-dir: {{ .Values.webhook.certsDir }} webhook-cert-dir: {{ .Values.webhook.certsDir }}
{{- end }} {{- end }}
webhook-port: {{ .Values.webhook.port }}
{{- end }} {{- end }}
{{- if .Values.managedNamespaces }} {{- with .Values.managedNamespaces }}
namespaces: [{{ join "," .Values.managedNamespaces }}] namespaces: [{{ join "," . }}]
{{- end }} {{- end }}
enable-leader-election: {{ .Values.config.enableLeaderElection }} enable-leader-election: {{ .Values.config.enableLeaderElection }}
elasticsearch-observation-interval: {{ .Values.config.elasticsearchObservationInterval }}

View File

@ -44,7 +44,7 @@ spec:
ingress: ingress:
{{- if .Values.webhook.enabled }} {{- if .Values.webhook.enabled }}
- ports: - ports:
- port: 9443 - port: {{ .Values.webhook.port }}
from: from:
- ipBlock: - ipBlock:
cidr: "{{ $kubeAPIServerIP }}/32" cidr: "{{ $kubeAPIServerIP }}/32"

View File

@ -0,0 +1,19 @@
{{- if .Values.podDisruptionBudget.enabled }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "eck-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "eck-operator.labels" . | indent 4 }}
spec:
{{- with .Values.podDisruptionBudget.minAvailable }}
minAvailable: {{ . }}
{{- end }}
{{- with .Values.podDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ . }}
{{- end }}
selector:
matchLabels:
{{- include "eck-operator.selectorLabels" . | indent 6 }}
{{- end -}}
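Review bot: minAvailable and maxUnavailable are rendered independently in spec, so a values file that sets both produces a PodDisruptionBudget the API server rejects, and because both use `with`, a value of 0 is silently omitted. Suggest failing the template when both are set and using a presence check rather than `with`. Separately, the labels and matchLabels lines use `{{- include ... | indent N }}` while the other templates in this commit use `nindent`; worth rendering with `helm template` to confirm the labels land on their own lines.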

View File

@ -6,8 +6,8 @@ metadata:
name: {{ include "eck-operator.fullname" . }} name: {{ include "eck-operator.fullname" . }}
namespace: {{ ternary .Values.podMonitor.namespace .Release.Namespace (not (empty .Values.podMonitor.namespace)) }} namespace: {{ ternary .Values.podMonitor.namespace .Release.Namespace (not (empty .Values.podMonitor.namespace)) }}
labels: {{- include "eck-operator.labels" . | nindent 4 }} labels: {{- include "eck-operator.labels" . | nindent 4 }}
{{- if .Values.podMonitor.labels }} {{- with .Values.podMonitor.labels }}
{{- toYaml .Values.podMonitor.labels | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
{{- with .Values.podMonitor.annotations }} {{- with .Values.podMonitor.annotations }}
annotations: {{- toYaml . | nindent 4 }} annotations: {{- toYaml . | nindent 4 }}
@ -19,14 +19,14 @@ spec:
podMetricsEndpoints: podMetricsEndpoints:
- port: metrics - port: metrics
path: /metrics path: /metrics
{{- if .Values.podMonitor.interval }} {{- with .Values.podMonitor.interval }}
interval: {{ .Values.podMonitor.interval }} interval: {{ . }}
{{- end }} {{- end }}
{{- if .Values.podMonitor.scrapeTimeout }} {{- with .Values.podMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.podMonitor.scrapeTimeout }} scrapeTimeout: {{ . }}
{{- end }} {{- end }}
{{- if .Values.podMonitor.podMetricsEndpointConfig }} {{- with .Values.podMonitor.podMetricsEndpointConfig }}
{{- toYaml .Values.podMonitor.podMetricsEndpointConfig | nindent 6 }} {{- toYaml . | nindent 6 }}
{{- end }} {{- end }}
namespaceSelector: namespaceSelector:
matchNames: matchNames:

View File

@ -31,8 +31,8 @@ spec:
spec: spec:
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10
serviceAccountName: {{ include "eck-operator.serviceAccountName" . }} serviceAccountName: {{ include "eck-operator.serviceAccountName" . }}
{{- if .Values.priorityClassName }} {{- with .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }} priorityClassName: {{ . }}
{{- end }} {{- end }}
{{- with .Values.podSecurityContext }} {{- with .Values.podSecurityContext }}
securityContext: securityContext:
@ -87,7 +87,7 @@ spec:
protocol: TCP protocol: TCP
{{- end }} {{- end }}
{{- if .Values.webhook.enabled }} {{- if .Values.webhook.enabled }}
- containerPort: 9443 - containerPort: {{ .Values.webhook.port }}
name: https-webhook name: https-webhook
protocol: TCP protocol: TCP
{{- end }} {{- end }}
@ -117,6 +117,10 @@ spec:
{{- with .Values.volumes }} {{- with .Values.volumes }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.hostNetwork }}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
{{- end }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 12 }} {{- toYaml . | nindent 12 }}
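Review bot: hostNetwork: true in this hunk places the operator in the node's network namespace, so the https-webhook containerPort binds on the node itself and must be free on every node the pod can schedule to. Kubernetes leaves NetworkPolicy behaviour for hostNetwork pods undefined, so the ingress rule in this chart that limits the webhook port to the API server address should not be relied on in that mode. Suggest keeping the default of false and, where a CNI forces it on, choosing a dedicated webhook.port and restricting access to it at the node level.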

View File

@ -6,13 +6,15 @@ metadata:
name: {{ include "eck-operator.webhookName" . }} name: {{ include "eck-operator.webhookName" . }}
labels: labels:
{{- include "eck-operator.labels" . | nindent 4 }} {{- include "eck-operator.labels" . | nindent 4 }}
{{- if .Values.webhook.certManagerCert }} {{- with .Values.webhook.certManagerCert }}
annotations: annotations:
cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ .Values.webhook.certManagerCert }}" cert-manager.io/inject-ca-from: "{{ $.Release.Namespace }}/{{ . }}"
{{- end }} {{- end }}
webhooks: webhooks:
- clientConfig: - clientConfig:
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
caBundle: {{ .Values.webhook.caBundle }} caBundle: {{ .Values.webhook.caBundle }}
{{- end }}
service: service:
name: {{ include "eck-operator.webhookServiceName" . }} name: {{ include "eck-operator.webhookServiceName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
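Review bot: once certManagerCert is set, caBundle is no longer rendered and the webhook depends entirely on the cert-manager.io/inject-ca-from annotation being acted on. If the CA injector is not running, or the named Certificate does not exist in the release namespace, the API server cannot verify the webhook and failurePolicy alone decides whether requests are rejected or admitted unvalidated. Suggest a post-install check that caBundle is populated on the rendered webhook configuration. The switch to `$.Release.Namespace` inside the `with` block is correct, since `.` is rebound there.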
@ -28,7 +30,7 @@ webhooks:
{{- end }} {{- end }}
name: elastic-agent-validation-v1alpha1.k8s.elastic.co name: elastic-agent-validation-v1alpha1.k8s.elastic.co
matchPolicy: Exact matchPolicy: Exact
admissionReviewVersions: [v1beta1] admissionReviewVersions: [v1,v1beta1]
sideEffects: None sideEffects: None
rules: rules:
- apiGroups: - apiGroups:
@ -41,7 +43,9 @@ webhooks:
resources: resources:
- agents - agents
- clientConfig: - clientConfig:
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
caBundle: {{ .Values.webhook.caBundle }} caBundle: {{ .Values.webhook.caBundle }}
{{- end }}
service: service:
name: {{ include "eck-operator.webhookServiceName" . }} name: {{ include "eck-operator.webhookServiceName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
@ -57,7 +61,7 @@ webhooks:
{{- end }} {{- end }}
name: elastic-apm-validation-v1.k8s.elastic.co name: elastic-apm-validation-v1.k8s.elastic.co
matchPolicy: Exact matchPolicy: Exact
admissionReviewVersions: [v1beta1] admissionReviewVersions: [v1,v1beta1]
sideEffects: None sideEffects: None
rules: rules:
- apiGroups: - apiGroups:
@ -70,7 +74,9 @@ webhooks:
resources: resources:
- apmservers - apmservers
- clientConfig: - clientConfig:
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
caBundle: {{ .Values.webhook.caBundle }} caBundle: {{ .Values.webhook.caBundle }}
{{- end }}
service: service:
name: {{ include "eck-operator.webhookServiceName" . }} name: {{ include "eck-operator.webhookServiceName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
@ -86,7 +92,7 @@ webhooks:
{{- end }} {{- end }}
name: elastic-apm-validation-v1beta1.k8s.elastic.co name: elastic-apm-validation-v1beta1.k8s.elastic.co
matchPolicy: Exact matchPolicy: Exact
admissionReviewVersions: [v1beta1] admissionReviewVersions: [v1,v1beta1]
sideEffects: None sideEffects: None
rules: rules:
- apiGroups: - apiGroups:
@ -99,7 +105,9 @@ webhooks:
resources: resources:
- apmservers - apmservers
- clientConfig: - clientConfig:
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
caBundle: {{ .Values.webhook.caBundle }} caBundle: {{ .Values.webhook.caBundle }}
{{- end }}
service: service:
name: {{ include "eck-operator.webhookServiceName" . }} name: {{ include "eck-operator.webhookServiceName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
@ -115,7 +123,7 @@ webhooks:
{{- end }} {{- end }}
name: elastic-beat-validation-v1beta1.k8s.elastic.co name: elastic-beat-validation-v1beta1.k8s.elastic.co
matchPolicy: Exact matchPolicy: Exact
admissionReviewVersions: [v1beta1] admissionReviewVersions: [v1,v1beta1]
sideEffects: None sideEffects: None
rules: rules:
- apiGroups: - apiGroups:
@ -128,7 +136,9 @@ webhooks:
resources: resources:
- beats - beats
- clientConfig: - clientConfig:
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
caBundle: {{ .Values.webhook.caBundle }} caBundle: {{ .Values.webhook.caBundle }}
{{- end }}
service: service:
name: {{ include "eck-operator.webhookServiceName" . }} name: {{ include "eck-operator.webhookServiceName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
@ -144,7 +154,7 @@ webhooks:
{{- end }} {{- end }}
name: elastic-ent-validation-v1.k8s.elastic.co name: elastic-ent-validation-v1.k8s.elastic.co
matchPolicy: Exact matchPolicy: Exact
admissionReviewVersions: [v1beta1] admissionReviewVersions: [v1,v1beta1]
sideEffects: None sideEffects: None
rules: rules:
- apiGroups: - apiGroups:
@ -157,7 +167,9 @@ webhooks:
resources: resources:
- enterprisesearches - enterprisesearches
- clientConfig: - clientConfig:
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
caBundle: {{ .Values.webhook.caBundle }} caBundle: {{ .Values.webhook.caBundle }}
{{- end }}
service: service:
name: {{ include "eck-operator.webhookServiceName" . }} name: {{ include "eck-operator.webhookServiceName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
@ -173,7 +185,7 @@ webhooks:
{{- end }} {{- end }}
name: elastic-ent-validation-v1beta1.k8s.elastic.co name: elastic-ent-validation-v1beta1.k8s.elastic.co
matchPolicy: Exact matchPolicy: Exact
admissionReviewVersions: [v1beta1] admissionReviewVersions: [v1,v1beta1]
sideEffects: None sideEffects: None
rules: rules:
- apiGroups: - apiGroups:
@ -186,7 +198,9 @@ webhooks:
resources: resources:
- enterprisesearches - enterprisesearches
- clientConfig: - clientConfig:
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
caBundle: {{ .Values.webhook.caBundle }} caBundle: {{ .Values.webhook.caBundle }}
{{- end }}
service: service:
name: {{ include "eck-operator.webhookServiceName" . }} name: {{ include "eck-operator.webhookServiceName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
@ -202,7 +216,7 @@ webhooks:
{{- end }} {{- end }}
name: elastic-es-validation-v1.k8s.elastic.co name: elastic-es-validation-v1.k8s.elastic.co
matchPolicy: Exact matchPolicy: Exact
admissionReviewVersions: [v1beta1] admissionReviewVersions: [v1,v1beta1]
sideEffects: None sideEffects: None
rules: rules:
- apiGroups: - apiGroups:
@ -215,7 +229,9 @@ webhooks:
resources: resources:
- elasticsearches - elasticsearches
- clientConfig: - clientConfig:
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
caBundle: {{ .Values.webhook.caBundle }} caBundle: {{ .Values.webhook.caBundle }}
{{- end }}
service: service:
name: {{ include "eck-operator.webhookServiceName" . }} name: {{ include "eck-operator.webhookServiceName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
@ -231,7 +247,7 @@ webhooks:
{{- end }} {{- end }}
name: elastic-es-validation-v1beta1.k8s.elastic.co name: elastic-es-validation-v1beta1.k8s.elastic.co
matchPolicy: Exact matchPolicy: Exact
admissionReviewVersions: [v1beta1] admissionReviewVersions: [v1,v1beta1]
sideEffects: None sideEffects: None
rules: rules:
- apiGroups: - apiGroups:
@ -244,7 +260,40 @@ webhooks:
resources: resources:
- elasticsearches - elasticsearches
- clientConfig: - clientConfig:
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
caBundle: {{ .Values.webhook.caBundle }} caBundle: {{ .Values.webhook.caBundle }}
{{- end }}
service:
name: {{ include "eck-operator.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /validate-ems-k8s-elastic-co-v1alpha1-mapsservers
failurePolicy: {{ .Values.webhook.failurePolicy }}
{{- with .Values.webhook.namespaceSelector }}
namespaceSelector:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.webhook.objectSelector }}
objectSelector:
{{- toYaml . | nindent 4 }}
{{- end }}
name: elastic-ems-validation-v1alpha1.k8s.elastic.co
matchPolicy: Exact
admissionReviewVersions: [v1,v1beta1]
sideEffects: None
rules:
- apiGroups:
- maps.k8s.elastic.co
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- mapsservers
- clientConfig:
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
caBundle: {{ .Values.webhook.caBundle }}
{{- end }}
service: service:
name: {{ include "eck-operator.webhookServiceName" . }} name: {{ include "eck-operator.webhookServiceName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
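Review bot: the new maps webhook rule lists the resource as `mapsservers`, while the ClusterRoles changed in this same commit refer to `elasticmapsservers` in the maps.k8s.elastic.co group. With matchPolicy: Exact, a rule whose resource name does not match the CRD's plural never fires, so validation would be skipped without any error. Please confirm the plural against the CRD and align the rule, or note why the two names differ.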
@ -260,7 +309,7 @@ webhooks:
{{- end }} {{- end }}
name: elastic-kb-validation-v1.k8s.elastic.co name: elastic-kb-validation-v1.k8s.elastic.co
matchPolicy: Exact matchPolicy: Exact
admissionReviewVersions: [v1beta1] admissionReviewVersions: [v1,v1beta1]
sideEffects: None sideEffects: None
rules: rules:
- apiGroups: - apiGroups:
@ -273,7 +322,9 @@ webhooks:
resources: resources:
- kibanas - kibanas
- clientConfig: - clientConfig:
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
caBundle: {{ .Values.webhook.caBundle }} caBundle: {{ .Values.webhook.caBundle }}
{{- end }}
service: service:
name: {{ include "eck-operator.webhookServiceName" . }} name: {{ include "eck-operator.webhookServiceName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
@ -289,7 +340,7 @@ webhooks:
{{- end }} {{- end }}
name: elastic-kb-validation-v1beta1.k8s.elastic.co name: elastic-kb-validation-v1beta1.k8s.elastic.co
matchPolicy: Exact matchPolicy: Exact
admissionReviewVersions: [v1beta1] admissionReviewVersions: [v1,v1beta1]
sideEffects: None sideEffects: None
rules: rules:
- apiGroups: - apiGroups:
@ -301,6 +352,99 @@ webhooks:
- UPDATE - UPDATE
resources: resources:
- kibanas - kibanas
- clientConfig:
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
caBundle: {{ .Values.webhook.caBundle }}
{{- end }}
service:
name: {{ include "eck-operator.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /validate-autoscaling-k8s-elastic-co-v1alpha1-elasticsearchautoscaler
failurePolicy: {{ .Values.webhook.failurePolicy }}
{{- with .Values.webhook.namespaceSelector }}
namespaceSelector:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.webhook.objectSelector }}
objectSelector:
{{- toYaml . | nindent 4 }}
{{- end }}
name: elastic-esa-validation-v1alpha1.k8s.elastic.co
matchPolicy: Exact
admissionReviewVersions: [v1,v1beta1]
sideEffects: None
rules:
- apiGroups:
- autoscaling.k8s.elastic.co
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- elasticsearchautoscalers
- clientConfig:
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
caBundle: {{ .Values.webhook.caBundle }}
{{- end }}
service:
name: {{ include "eck-operator.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /validate-scp-k8s-elastic-co-v1alpha1-stackconfigpolicies
failurePolicy: {{ .Values.webhook.failurePolicy }}
{{- with .Values.webhook.namespaceSelector }}
namespaceSelector:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.webhook.objectSelector }}
objectSelector:
{{- toYaml . | nindent 4 }}
{{- end }}
name: elastic-scp-validation-v1alpha1.k8s.elastic.co
matchPolicy: Exact
admissionReviewVersions: [v1,v1beta1]
sideEffects: None
rules:
- apiGroups:
- stackconfigpolicy.k8s.elastic.co
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- stackconfigpolicies
- clientConfig:
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
caBundle: {{ .Values.webhook.caBundle }}
{{- end }}
service:
name: {{ include "eck-operator.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /validate-logstash-k8s-elastic-co-v1alpha1-logstash
failurePolicy: {{ .Values.webhook.failurePolicy }}
{{- with .Values.webhook.namespaceSelector }}
namespaceSelector:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.webhook.objectSelector }}
objectSelector:
{{- toYaml . | nindent 4 }}
{{- end }}
name: elastic-logstash-validation-v1alpha1.k8s.elastic.co
matchPolicy: Exact
admissionReviewVersions: [v1,v1beta1]
sideEffects: None
rules:
- apiGroups:
- logstash.k8s.elastic.co
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- logstashes
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
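Review bot: the three webhooks added here (elasticsearchautoscalers, stackconfigpolicies, logstashes) all take failurePolicy from the single .Values.webhook.failurePolicy value, so a deployment that sets it to Ignore will admit these new resource types unvalidated whenever the webhook is unreachable. Suggest stating the intended failurePolicy in the values used for this module. The service paths, for example `/validate-scp-k8s-elastic-co-v1alpha1-stackconfigpolicies`, cannot be checked against the operator's registered handlers from this diff and are worth a smoke test with an invalid object after the upgrade.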
@ -313,7 +457,7 @@ spec:
ports: ports:
- name: https - name: https
port: 443 port: 443
targetPort: 9443 targetPort: {{ .Values.webhook.port }}
selector: selector:
{{- include "eck-operator.selectorLabels" . | nindent 4 }} {{- include "eck-operator.selectorLabels" . | nindent 4 }}
{{- if .Values.webhook.manageCerts }} {{- if .Values.webhook.manageCerts }}

View File

@ -51,7 +51,13 @@ podSecurityContext:
runAsNonRoot: true runAsNonRoot: true
# securityContext defines the security context of the operator container. # securityContext defines the security context of the operator container.
securityContext: {} securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
# nodeSelector defines the node selector for the operator pod. # nodeSelector defines the node selector for the operator pod.
nodeSelector: {} nodeSelector: {}
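Review bot: readOnlyRootFilesystem: true becomes the default for the operator container in this hunk, so every path the operator writes to, for example the directory behind webhook.certsDir that the ConfigMap template passes as webhook-cert-dir, has to be a mounted volume. Suggest rendering the chart with the values actually deployed and checking the volumeMounts before rollout. Note also that a parent values file which already sets securityContext keys is merged with these defaults rather than replacing them, so an old override may no longer describe the full effective context.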
@ -62,6 +68,13 @@ tolerations: []
# affinity defines the node affinity rules for the operator pod. # affinity defines the node affinity rules for the operator pod.
affinity: {} affinity: {}
# podDisruptionBudget configures the minimum or the maxium available pods for voluntary disruptions,
# set to either an integer (e.g. 1) or a percentage value (e.g. 25%).
podDisruptionBudget:
enabled: false
minAvailable: 1
# maxUnavailable: 3
# additional environment variables for the operator container. # additional environment variables for the operator container.
env: [] env: []
@ -113,6 +126,13 @@ webhook:
# objectSelector corresponds to the objectSelector property of the webhook. # objectSelector corresponds to the objectSelector property of the webhook.
# Setting this restricts the webhook to act only on objects that match the selector. # Setting this restricts the webhook to act only on objects that match the selector.
objectSelector: {} objectSelector: {}
# port is the port that the validating webhook binds to.
port: 9443
# hostNetwork allows a Pod to use the Node network namespace.
# This is required to allow for communication with the kube API when using some alternate CNIs in conjunction with webhook enabled.
# CAUTION: Proceed at your own risk. This setting has security concerns such as allowing malicious users to access workloads running on the host.
hostNetwork: false
softMultiTenancy: softMultiTenancy:
# enabled determines whether the operator is installed with soft multi-tenancy extensions. # enabled determines whether the operator is installed with soft multi-tenancy extensions.
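Review bot: webhook.port is now user-settable, but the securityContext default in this same file drops ALL capabilities and runs as non-root, so a port below 1024 can fail to bind, particularly with hostNetwork: true where the node's unprivileged port range applies. Suggest stating the constraint in the comment above `port:` or rejecting low values in the template with `fail`. The CAUTION on hostNetwork is useful; it would help to add that the pod then shares the node's network namespace, so the webhook port is opened on the node.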
@ -143,6 +163,12 @@ config:
# containerRegistry to use for pulling Elasticsearch and other application container images. # containerRegistry to use for pulling Elasticsearch and other application container images.
containerRegistry: docker.elastic.co containerRegistry: docker.elastic.co
# containerRepository to use for pulling Elasticsearch and other application container images.
# containerRepository: ""
# containerSuffix suffix to be appended to container images by default. Cannot be combined with -ubiOnly flag
# containerSuffix: ""
# maxConcurrentReconciles is the number of concurrent reconciliation operations to perform per controller. # maxConcurrentReconciles is the number of concurrent reconciliation operations to perform per controller.
maxConcurrentReconciles: "3" maxConcurrentReconciles: "3"
@ -182,6 +208,9 @@ config:
# enableLeaderElection specifies whether leader election should be enabled # enableLeaderElection specifies whether leader election should be enabled
enableLeaderElection: true enableLeaderElection: true
# Interval between observations of Elasticsearch health, non-positive values disable asynchronous observation.
elasticsearchObservationInterval: 10s
# Prometheus PodMonitor configuration # Prometheus PodMonitor configuration
# Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmonitor # Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmonitor
podMonitor: podMonitor:
@ -222,5 +251,4 @@ global:
# Usually we do want that to happen (e.g. all-in-one.yaml) but, sometimes we don't (e.g. E2E tests). # Usually we do want that to happen (e.g. all-in-one.yaml) but, sometimes we don't (e.g. E2E tests).
createOperatorNamespace: true createOperatorNamespace: true
# kubeVersion is the effective Kubernetes version we target when generating the all-in-one.yaml. # kubeVersion is the effective Kubernetes version we target when generating the all-in-one.yaml.
kubeVersion: 1.16.0 kubeVersion: 1.21.0

View File

@ -1,9 +1,9 @@
annotations: annotations:
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: changed - kind: added
description: "Updated Fluent Bit image to v2.0.9." description: "Added events permission to ClusteRole"
apiVersion: v1 apiVersion: v1
appVersion: 2.0.9 appVersion: 2.1.8
description: Fast and lightweight log processor and forwarder or Linux, OSX and BSD description: Fast and lightweight log processor and forwarder or Linux, OSX and BSD
family operating systems. family operating systems.
home: https://fluentbit.io/ home: https://fluentbit.io/
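Review bot: typo in the new `artifacthub.io/changes` entry, "Added events permission to ClusteRole" should read `ClusterRole`. The unchanged `description` line also says `forwarder or Linux` where `for Linux` is meant, which is worth fixing while this file is being touched.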
@ -24,4 +24,4 @@ maintainers:
name: fluent-bit name: fluent-bit
sources: sources:
- https://github.com/fluent/fluent-bit/ - https://github.com/fluent/fluent-bit/
version: 0.24.0 version: 0.37.1

View File

@ -1 +1,4 @@
logLevel: debug logLevel: debug
dashboards:
enabled: true

View File

@ -62,6 +62,15 @@ Create the name of the service account to use
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/*
Fluent-bit image with tag/digest
*/}}
{{- define "fluent-bit.image" -}}
{{- $tag := ternary "" (printf ":%s" (toString .tag)) (or (empty .tag) (eq "-" (toString .tag))) -}}
{{- $digest := ternary "" (printf "@%s" .digest) (empty .digest) -}}
{{- printf "%s%s%s" .repository $tag $digest -}}
{{- end -}}
{{/* {{/*
Ingress ApiVersion according k8s version Ingress ApiVersion according k8s version
*/}} */}}
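Review bot: in `fluent-bit.image`, when `.tag` is empty or "-" and `.digest` is empty, the helper returns the bare `.repository`, which a container runtime resolves to the floating `latest` tag. The main container is covered by `default .Chart.AppVersion` at its call site, but `tag: "-"` is documented as the way to drop that default, and the helper is also called for `hotReload.image` and `testFramework.image` with no default at all. Consider failing the render (for example with `fail`) when both tag and digest are empty.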
@ -104,3 +113,26 @@ policy/v1
policy/v1beta1 policy/v1beta1
{{- end }} {{- end }}
{{- end -}} {{- end -}}
{{/*
HPA ApiVersion according k8s version
Check legacy first so helm template / kustomize will default to latest version
*/}}
{{- define "fluent-bit.hpa.apiVersion" -}}
{{- if and (.Capabilities.APIVersions.Has "autoscaling/v2beta2") (semverCompare "<1.23-0" .Capabilities.KubeVersion.GitVersion) -}}
autoscaling/v2beta2
{{- else -}}
autoscaling/v2
{{- end -}}
{{- end -}}
{{/*
Create the name of OpenShift SecurityContextConstraints to use
*/}}
{{- define "fluent-bit.openShiftSccName" -}}
{{- if not .Values.openShift.securityContextConstraints.create -}}
{{- printf "%s" .Values.openShift.securityContextConstraints.existingName -}}
{{- else -}}
{{- printf "%s" (default (include "fluent-bit.fullname" .) .Values.openShift.securityContextConstraints.name) -}}
{{- end -}}
{{- end -}}

View File

@ -38,7 +38,7 @@ containers:
securityContext: securityContext:
{{- toYaml . | nindent 6 }} {{- toYaml . | nindent 6 }}
{{- end }} {{- end }}
image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}" image: {{ include "fluent-bit.image" (merge .Values.image (dict "tag" (default .Chart.AppVersion .Values.image.tag))) | quote }}
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if or .Values.env .Values.envWithTpl }} {{- if or .Values.env .Values.envWithTpl }}
env: env:
@ -54,13 +54,16 @@ containers:
envFrom: envFrom:
{{- toYaml .Values.envFrom | nindent 6 }} {{- toYaml .Values.envFrom | nindent 6 }}
{{- end }} {{- end }}
{{- if .Values.args }} {{- with .Values.command }}
command:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- if or .Values.args .Values.hotReload.enabled }}
args: args:
{{- toYaml .Values.args | nindent 6 }} {{- toYaml .Values.args | nindent 6 }}
{{- if .Values.hotReload.enabled }}
- --enable-hot-reload
{{- end }} {{- end }}
{{- if .Values.command }}
command:
{{- toYaml .Values.command | nindent 6 }}
{{- end}} {{- end}}
ports: ports:
- name: http - name: http
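Review bot: the `args:` block is now guarded by `{{- if or .Values.args .Values.hotReload.enabled }}` but still renders `toYaml .Values.args` unconditionally. With `hotReload.enabled: true` and `args` overridden to an empty list, `toYaml` emits `[]` and the `- --enable-hot-reload` item that follows makes the manifest invalid YAML. Wrap the `toYaml` line in `{{- with .Values.args }}` so that only the flag is emitted in that case.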
@ -86,16 +89,11 @@ containers:
{{- toYaml . | nindent 6 }} {{- toYaml . | nindent 6 }}
{{- end }} {{- end }}
volumeMounts: volumeMounts:
{{- toYaml .Values.volumeMounts | nindent 6 }}
{{- range $key, $val := .Values.config.extraFiles }}
- name: config - name: config
mountPath: /fluent-bit/etc/{{ $key }} mountPath: /fluent-bit/etc/conf
subPath: {{ $key }} {{- if or .Values.luaScripts .Values.hotReload.enabled }}
{{- end }}
{{- range $key, $value := .Values.luaScripts }}
- name: luascripts - name: luascripts
mountPath: /fluent-bit/scripts/{{ $key }} mountPath: /fluent-bit/scripts
subPath: {{ $key }}
{{- end }} {{- end }}
{{- if eq .Values.kind "DaemonSet" }} {{- if eq .Values.kind "DaemonSet" }}
{{- toYaml .Values.daemonSetVolumeMounts | nindent 6 }} {{- toYaml .Values.daemonSetVolumeMounts | nindent 6 }}
@ -103,14 +101,31 @@ containers:
{{- if .Values.extraVolumeMounts }} {{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 6 }} {{- toYaml .Values.extraVolumeMounts | nindent 6 }}
{{- end }} {{- end }}
{{- if .Values.hotReload.enabled }}
- name: reloader
image: {{ include "fluent-bit.image" .Values.hotReload.image }}
args:
- {{ printf "-webhook-url=http://localhost:%s/api/v2/reload" (toString .Values.metricsPort) }}
- -volume-dir=/watch/config
- -volume-dir=/watch/scripts
volumeMounts:
- name: config
mountPath: /watch/config
- name: luascripts
mountPath: /watch/scripts
{{- with .Values.hotReload.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.extraContainers }} {{- if .Values.extraContainers }}
{{- toYaml .Values.extraContainers | nindent 2 }} {{- toYaml .Values.extraContainers | nindent 2 }}
{{- end }} {{- end }}
volumes: volumes:
- name: config - name: config
configMap: configMap:
name: {{ if .Values.existingConfigMap }}{{ .Values.existingConfigMap }}{{- else }}{{ include "fluent-bit.fullname" . }}{{- end }} name: {{ default (include "fluent-bit.fullname" .) .Values.existingConfigMap }}
{{- if gt (len .Values.luaScripts) 0 }} {{- if or .Values.luaScripts .Values.hotReload.enabled }}
- name: luascripts - name: luascripts
configMap: configMap:
name: {{ include "fluent-bit.fullname" . }}-luascripts name: {{ include "fluent-bit.fullname" . }}-luascripts
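Review bot: the `reloader` sidecar posts to `http://localhost:<metricsPort>/api/v2/reload`, so enabling `hotReload` puts a state-changing reload endpoint on the same HTTP server that serves metrics, and the chart's default service config sets `HTTP_Listen 0.0.0.0`. Anything that can reach the metrics port can then trigger reloads; document this next to `hotReload.enabled` and recommend pairing it with the chart's NetworkPolicy. The sidecar also gets no `securityContext`, and its `image:` value is not piped through `quote` like the other `fluent-bit.image` call sites.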

View File

@ -15,6 +15,9 @@ rules:
- nodes - nodes
- nodes/proxy - nodes/proxy
{{- end }} {{- end }}
{{- if .Values.rbac.eventsAccess }}
- events
{{- end }}
verbs: verbs:
- get - get
- list - list
@ -29,13 +32,13 @@ rules:
verbs: verbs:
- use - use
{{- end }} {{- end }}
{{- if and .Values.openShift.enabled .Values.openShift.securityContextConstraints.create }} {{- if .Values.openShift.enabled }}
- apiGroups: - apiGroups:
- security.openshift.io - security.openshift.io
resources: resources:
- securitycontextconstraints - securitycontextconstraints
resourceNames: resourceNames:
- {{ include "fluent-bit.fullname" . }} - {{ include "fluent-bit.openShiftSccName" . }}
verbs: verbs:
- use - use
{{- end }} {{- end }}
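Review bot: the `securitycontextconstraints` `use` rule is now rendered whenever `openShift.enabled` is true, with `resourceNames` taken from `fluent-bit.openShiftSccName`. With `securityContextConstraints.create: false` and `existingName` left at its default `""`, that helper prints an empty string, so the rule carries a blank resource name instead of a real SCC. Use `required` on `existingName` in the helper, or skip the rule when the name is empty.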

View File

@ -5,18 +5,16 @@ apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: {{ include "fluent-bit.fullname" $ }}-dashboard-{{ trimSuffix ".json" (base $path) }} name: {{ include "fluent-bit.fullname" $ }}-dashboard-{{ trimSuffix ".json" (base $path) }}
{{- with $.Values.dashboards.namespace }} namespace: {{ default $.Release.Namespace $.Values.dashboards.namespace }}
namespace: {{ . }}
{{- end }}
{{- with $.Values.dashboards.annotations }} {{- with $.Values.dashboards.annotations }}
annotations: annotations:
{{- toYaml . | nindent 4 -}} {{- toYaml . | nindent 4 -}}
{{- end }} {{- end }}
labels: labels:
{{- include "fluent-bit.labels" $ | nindent 4 }} {{- include "fluent-bit.labels" $ | nindent 4 }}
{{ $.Values.dashboards.labelKey }}: "1" {{ $.Values.dashboards.labelKey }}: {{ $.Values.dashboards.labelValue | quote }}
data: data:
{{ base $path }}: | {{ include "fluent-bit.fullname" $ }}-{{ base $path }}: |
{{- tpl ($.Files.Get $path) $ | nindent 4 }} {{- tpl ($.Files.Get $path) $ | nindent 4 }}
--- ---
{{- end }} {{- end }}

View File

@ -1,8 +1,9 @@
{{- if gt (len .Values.luaScripts) 0 -}} {{- if or .Values.luaScripts .Values.hotReload.enabled -}}
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: {{ include "fluent-bit.fullname" . }}-luascripts name: {{ include "fluent-bit.fullname" . }}-luascripts
namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "fluent-bit.labels" . | nindent 4 }} {{- include "fluent-bit.labels" . | nindent 4 }}
data: data:

View File

@ -1,8 +1,9 @@
{{- if (empty .Values.existingConfigMap) -}} {{- if not .Values.existingConfigMap -}}
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: {{ include "fluent-bit.fullname" . }} name: {{ include "fluent-bit.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "fluent-bit.labels" . | nindent 4 }} {{- include "fluent-bit.labels" . | nindent 4 }}
data: data:

View File

@ -3,6 +3,7 @@ apiVersion: apps/v1
kind: DaemonSet kind: DaemonSet
metadata: metadata:
name: {{ include "fluent-bit.fullname" . }} name: {{ include "fluent-bit.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "fluent-bit.labels" . | nindent 4 }} {{- include "fluent-bit.labels" . | nindent 4 }}
{{- with .Values.labels }} {{- with .Values.labels }}
@ -25,17 +26,23 @@ spec:
{{- end }} {{- end }}
template: template:
metadata: metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/luascripts: {{ include (print $.Template.BasePath "/configmap-luascripts.yaml") . | sha256sum }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels: labels:
{{- include "fluent-bit.selectorLabels" . | nindent 8 }} {{- include "fluent-bit.selectorLabels" . | nindent 8 }}
{{- with .Values.podLabels }} {{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- if or (not .Values.hotReload.enabled) .Values.podAnnotations }}
annotations:
{{- if not .Values.hotReload.enabled }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- if .Values.luaScripts }}
checksum/luascripts: {{ include (print $.Template.BasePath "/configmap-luascripts.yaml") . | sha256sum }}
{{- end }}
{{- end }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
spec: spec:
{{- include "fluent-bit.pod" . | nindent 6 }} {{- include "fluent-bit.pod" . | nindent 6 }}
{{- end }} {{- end }}

View File

@ -3,6 +3,7 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: {{ include "fluent-bit.fullname" . }} name: {{ include "fluent-bit.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "fluent-bit.labels" . | nindent 4 }} {{- include "fluent-bit.labels" . | nindent 4 }}
{{- with .Values.labels }} {{- with .Values.labels }}
@ -28,17 +29,23 @@ spec:
{{- end }} {{- end }}
template: template:
metadata: metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/luascripts: {{ include (print $.Template.BasePath "/configmap-luascripts.yaml") . | sha256sum }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels: labels:
{{- include "fluent-bit.selectorLabels" . | nindent 8 }} {{- include "fluent-bit.selectorLabels" . | nindent 8 }}
{{- with .Values.podLabels }} {{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- if or (not .Values.hotReload.enabled) .Values.podAnnotations }}
annotations:
{{- if not .Values.hotReload.enabled }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- if .Values.luaScripts }}
checksum/luascripts: {{ include (print $.Template.BasePath "/configmap-luascripts.yaml") . | sha256sum }}
{{- end }}
{{- end }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
spec: spec:
{{- include "fluent-bit.pod" . | nindent 6 }} {{- include "fluent-bit.pod" . | nindent 6 }}
{{- end }} {{- end }}

View File

@ -1,8 +1,9 @@
{{- if and ( eq .Values.kind "Deployment" ) .Values.autoscaling.enabled }} {{- if and ( eq .Values.kind "Deployment" ) .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2beta2 apiVersion: {{ include "fluent-bit.hpa.apiVersion" . }}
kind: HorizontalPodAutoscaler kind: HorizontalPodAutoscaler
metadata: metadata:
name: {{ include "fluent-bit.fullname" . }} name: {{ include "fluent-bit.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "fluent-bit.labels" . | nindent 4 }} {{- include "fluent-bit.labels" . | nindent 4 }}
spec: spec:

View File

@ -9,6 +9,7 @@ apiVersion: {{ include "fluent-bit.ingress.apiVersion" . }}
kind: Ingress kind: Ingress
metadata: metadata:
name: {{ $fullName }} name: {{ $fullName }}
namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "fluent-bit.labels" . | nindent 4 }} {{- include "fluent-bit.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }} {{- with .Values.ingress.annotations }}

View File

@ -3,6 +3,7 @@ apiVersion: "networking.k8s.io/v1"
kind: "NetworkPolicy" kind: "NetworkPolicy"
metadata: metadata:
name: {{ include "fluent-bit.fullname" . | quote }} name: {{ include "fluent-bit.fullname" . | quote }}
namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "fluent-bit.labels" . | nindent 4 }} {{- include "fluent-bit.labels" . | nindent 4 }}
spec: spec:

View File

@ -3,6 +3,7 @@ apiVersion: {{ include "fluent-bit.pdb.apiVersion" . }}
kind: PodDisruptionBudget kind: PodDisruptionBudget
metadata: metadata:
name: {{ include "fluent-bit.fullname" . }} name: {{ include "fluent-bit.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "fluent-bit.labels" . | nindent 4 }} {{- include "fluent-bit.labels" . | nindent 4 }}
{{- with .Values.podDisruptionBudget.annotations }} {{- with .Values.podDisruptionBudget.annotations }}

View File

@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule kind: PrometheusRule
metadata: metadata:
name: {{ include "fluent-bit.fullname" . }} name: {{ include "fluent-bit.fullname" . }}
{{- with .Values.prometheusRule.namespace }} namespace: {{ default $.Release.Namespace .Values.prometheusRule.namespace }}
namespace: {{ . }}
{{- end }}
labels: labels:
{{- include "fluent-bit.labels" . | nindent 4 }} {{- include "fluent-bit.labels" . | nindent 4 }}
{{- if .Values.prometheusRule.additionalLabels }} {{- if .Values.prometheusRule.additionalLabels }}

View File

@ -2,10 +2,12 @@
apiVersion: security.openshift.io/v1 apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints kind: SecurityContextConstraints
metadata: metadata:
name: {{ include "fluent-bit.fullname" . }} name: {{ include "fluent-bit.openShiftSccName" . }}
{{- if .Values.openShift.securityContextConstraints.annotations }} labels:
{{- include "fluent-bit.labels" . | nindent 4 }}
{{- with .Values.openShift.securityContextConstraints.annotations }}
annotations: annotations:
{{- toYaml .Values.openShift.securityContextConstraints.annotations | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
allowPrivilegedContainer: true allowPrivilegedContainer: true
allowPrivilegeEscalation: true allowPrivilegeEscalation: true
@ -30,8 +32,10 @@ supplementalGroups:
type: RunAsAny type: RunAsAny
volumes: volumes:
- configMap - configMap
- downwardAPI
- emptyDir - emptyDir
- hostPath - hostPath
- persistentVolumeClaim - persistentVolumeClaim
- projected
- secret - secret
{{- end }} {{- end }}

View File

@ -2,6 +2,7 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: {{ include "fluent-bit.fullname" . }} name: {{ include "fluent-bit.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "fluent-bit.labels" . | nindent 4 }} {{- include "fluent-bit.labels" . | nindent 4 }}
{{- with .Values.service.labels }} {{- with .Values.service.labels }}

View File

@ -3,6 +3,7 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: {{ include "fluent-bit.serviceAccountName" . }} name: {{ include "fluent-bit.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "fluent-bit.labels" . | nindent 4 }} {{- include "fluent-bit.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }} {{- with .Values.serviceAccount.annotations }}

View File

@ -3,18 +3,14 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ template "fluent-bit.fullname" . }} name: {{ template "fluent-bit.fullname" . }}
{{- with .Values.serviceMonitor.namespace }} namespace: {{ default .Release.Namespace .Values.serviceMonitor.namespace }}
namespace: {{ . }}
{{- end }}
labels: labels:
{{- include "fluent-bit.labels" . | nindent 4 }} {{- include "fluent-bit.labels" . | nindent 4 }}
{{- with .Values.serviceMonitor.selector }} {{- with .Values.serviceMonitor.selector }}
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
spec: spec:
{{- if .Values.serviceMonitor.jobLabel }} jobLabel: app.kubernetes.io/instance
jobLabel: {{ .Values.serviceMonitor.jobLabel }}
{{- end }}
endpoints: endpoints:
- port: http - port: http
path: /api/v1/metrics/prometheus path: /api/v1/metrics/prometheus
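Review bot: `jobLabel` is now hard-coded to `app.kubernetes.io/instance` and `serviceMonitor.jobLabel` is no longer read, so installs that set it will silently get a different `job` value on their series, which can break existing alert rules and dashboards. Keep the override with `{{ default "app.kubernetes.io/instance" .Values.serviceMonitor.jobLabel }}` or call the change out in the upgrade notes.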

View File

@ -3,6 +3,7 @@ apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: "{{ include "fluent-bit.fullname" . }}-test-connection" name: "{{ include "fluent-bit.fullname" . }}-test-connection"
namespace: {{ default .Release.Namespace .Values.testFramework.namespace }}
labels: labels:
{{- include "fluent-bit.labels" . | nindent 4 }} {{- include "fluent-bit.labels" . | nindent 4 }}
annotations: annotations:
@ -10,7 +11,7 @@ metadata:
spec: spec:
containers: containers:
- name: wget - name: wget
image: "{{ .Values.testFramework.image.repository }}:{{ .Values.testFramework.image.tag }}" image: {{ include "fluent-bit.image" .Values.testFramework.image | quote }}
imagePullPolicy: {{ .Values.testFramework.image.pullPolicy }} imagePullPolicy: {{ .Values.testFramework.image.pullPolicy }}
command: ['wget'] command: ['wget']
args: ['{{ include "fluent-bit.fullname" . }}:{{ .Values.service.port }}'] args: ['{{ include "fluent-bit.fullname" . }}:{{ .Values.service.port }}']

View File

@ -3,6 +3,7 @@ apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler kind: VerticalPodAutoscaler
metadata: metadata:
name: {{ include "fluent-bit.fullname" . }} name: {{ include "fluent-bit.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "fluent-bit.labels" . | nindent 4 }} {{- include "fluent-bit.labels" . | nindent 4 }}
{{- with .Values.autoscaling.vpa.annotations }} {{- with .Values.autoscaling.vpa.annotations }}

View File

@ -9,15 +9,19 @@ replicaCount: 1
image: image:
repository: cr.fluentbit.io/fluent/fluent-bit repository: cr.fluentbit.io/fluent/fluent-bit
# Overrides the image tag whose default is {{ .Chart.AppVersion }} # Overrides the image tag whose default is {{ .Chart.AppVersion }}
tag: "" # Set to "-" to not use the default value
tag:
digest:
pullPolicy: Always pullPolicy: Always
testFramework: testFramework:
enabled: true enabled: true
namespace:
image: image:
repository: busybox repository: busybox
pullPolicy: Always pullPolicy: Always
tag: latest tag: latest
digest:
imagePullSecrets: [] imagePullSecrets: []
nameOverride: "" nameOverride: ""
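Review bot: `testFramework.image` gains a `digest` field but still defaults to `tag: latest` with `pullPolicy: Always` and an empty digest, so the test pod runs whatever `busybox:latest` points at on the day of the run. Pin a specific tag or set `digest` in the defaults now that the image helper supports it.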
@ -31,6 +35,7 @@ serviceAccount:
rbac: rbac:
create: true create: true
nodeAccess: false nodeAccess: false
eventsAccess: false
# Configure podsecuritypolicy # Configure podsecuritypolicy
# Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ # Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
@ -41,13 +46,16 @@ podSecurityPolicy:
create: false create: false
annotations: {} annotations: {}
# OpenShift-specific configuration
openShift: openShift:
# Sets Openshift support
enabled: false enabled: false
# Creates SCC for Fluent-bit when Openshift support is enabled
securityContextConstraints: securityContextConstraints:
# Create SCC for Fluent-bit and allow use it
create: true create: true
name: ""
annotations: {} annotations: {}
# Use existing SCC in cluster, rather then create new one
existingName: ""
podSecurityContext: {} podSecurityContext: {}
# fsGroup: 2000 # fsGroup: 2000
@ -98,7 +106,6 @@ serviceMonitor:
# namespace: monitoring # namespace: monitoring
# interval: 10s # interval: 10s
# scrapeTimeout: 10s # scrapeTimeout: 10s
# jobLabel: fluentbit
# selector: # selector:
# prometheus: my-prometheus # prometheus: my-prometheus
# ## metric relabel configs to apply to samples before ingestion. # ## metric relabel configs to apply to samples before ingestion.
@ -167,6 +174,7 @@ prometheusRule:
dashboards: dashboards:
enabled: false enabled: false
labelKey: grafana_dashboard labelKey: grafana_dashboard
labelValue: 1
annotations: {} annotations: {}
namespace: "" namespace: ""
@ -196,7 +204,7 @@ resources: {}
## only available if kind is Deployment ## only available if kind is Deployment
ingress: ingress:
enabled: false enabled: false
className: "" ingressClassName: ""
annotations: {} annotations: {}
# kubernetes.io/ingress.class: nginx # kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true" # kubernetes.io/tls-acme: "true"
@ -347,8 +355,8 @@ config:
Daemon Off Daemon Off
Flush {{ .Values.flush }} Flush {{ .Values.flush }}
Log_Level {{ .Values.logLevel }} Log_Level {{ .Values.logLevel }}
Parsers_File parsers.conf Parsers_File /fluent-bit/etc/parsers.conf
Parsers_File custom_parsers.conf Parsers_File /fluent-bit/etc/conf/custom_parsers.conf
HTTP_Server On HTTP_Server On
HTTP_Listen 0.0.0.0 HTTP_Listen 0.0.0.0
HTTP_Port {{ .Values.metricsPort }} HTTP_Port {{ .Values.metricsPort }}
@ -410,7 +418,7 @@ config:
Time_Key time Time_Key time
Time_Format %Y-%m-%dT%H:%M:%S.%L Time_Format %Y-%m-%dT%H:%M:%S.%L
# This allows adding more files with arbitary filenames to /fluent-bit/etc by providing key/value pairs. # This allows adding more files with arbitary filenames to /fluent-bit/etc/conf by providing key/value pairs.
# The key becomes the filename, the value becomes the file content. # The key becomes the filename, the value becomes the file content.
extraFiles: {} extraFiles: {}
# upstream.conf: | # upstream.conf: |
@ -430,11 +438,7 @@ config:
# The config volume is mounted by default, either to the existingConfigMap value, or the default of "fluent-bit.fullname" # The config volume is mounted by default, either to the existingConfigMap value, or the default of "fluent-bit.fullname"
volumeMounts: volumeMounts:
- name: config - name: config
mountPath: /fluent-bit/etc/fluent-bit.conf mountPath: /fluent-bit/etc/conf
subPath: fluent-bit.conf
- name: config
mountPath: /fluent-bit/etc/custom_parsers.conf
subPath: custom_parsers.conf
daemonSetVolumes: daemonSetVolumes:
- name: varlog - name: varlog
@ -458,9 +462,12 @@ daemonSetVolumeMounts:
mountPath: /etc/machine-id mountPath: /etc/machine-id
readOnly: true readOnly: true
args: [] command:
- /fluent-bit/bin/fluent-bit
command: [] args:
- --workdir=/fluent-bit/etc
- --config=/fluent-bit/etc/conf/fluent-bit.conf
# This supports either a structured array or a templatable string # This supports either a structured array or a templatable string
initContainers: [] initContainers: []
@ -478,3 +485,12 @@ initContainers: []
# command: ['kubectl', 'version'] # command: ['kubectl', 'version']
logLevel: info logLevel: info
hotReload:
enabled: false
image:
repository: ghcr.io/jimmidyson/configmap-reload
tag: v0.11.1
digest:
pullPolicy: IfNotPresent
resources: {}
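Review bot: `hotReload.image.pullPolicy` is defined here, but the `reloader` container in the pod template sets no `imagePullPolicy`, so the value has no effect. Either wire it through or drop it. Since `ghcr.io/jimmidyson/configmap-reload` is a third-party image that gets the config and scripts volumes mounted, shipping a default `digest` alongside `tag: v0.11.1` would pin it properly.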

View File

@ -1,5 +1,5 @@
apiVersion: v2 apiVersion: v2
appVersion: v1.14.6 appVersion: v1.15.2
description: A Helm chart for Kubernetes description: A Helm chart for Kubernetes
home: https://www.fluentd.org/ home: https://www.fluentd.org/
icon: https://www.fluentd.org/images/miscellany/fluentd-logo_2x.png icon: https://www.fluentd.org/images/miscellany/fluentd-logo_2x.png
@ -12,4 +12,4 @@ name: fluentd
sources: sources:
- https://github.com/fluent/fluentd/ - https://github.com/fluent/fluentd/
- https://github.com/fluent/fluentd-kubernetes-daemonset - https://github.com/fluent/fluentd-kubernetes-daemonset
version: 0.3.9 version: 0.4.3

View File

@ -16,6 +16,17 @@ To install a release named `fluentd`, run:
```sh ```sh
helm install fluentd fluent/fluentd helm install fluentd fluent/fluentd
``` ```
## Upgrading
### To 0.4.0
Although the services will deploy and generally work, version 0.4.0 introduces some changes that are considered _breaking changes_. To upgrade, you should do the following to avoid any potential conflicts or problems:
- Add the `mountVarLogDirectory` and `mountDockerContainersDirectory` values and set them to the values you need; to follow the previous setup where these were mounted by default, set the values to `true`, e.g. `mountVarLogDirectory: true`
- If you have the `varlog` mount point defined and enabled under both `volumes` and `volumeMounts`, set `mountVarLogDirectory` to true
- If you have the `varlibdockercontainers` mount point defined and enabled under both `volumes` and `volumeMounts`, set `mountDockerContainersDirectory` to true
- Remove the previous default volume and volume mount definitions - `etcfluentd-main`, `etcfluentd-config`, `varlog`, and `varlibdockercontainers`
- Remove the `FLUENTD_CONF` entry from the `env:` list
## Chart Values ## Chart Values

View File

@ -61,3 +61,32 @@ Create the name of the service account to use
{{ default "default" .Values.serviceAccount.name }} {{ default "default" .Values.serviceAccount.name }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/*
Shortened version of the releaseName, applied as a suffix to numerous resources.
*/}}
{{- define "fluentd.shortReleaseName" -}}
{{- .Release.Name | trunc 35 | trimSuffix "-" -}}
{{- end -}}
{{/*
Name of the configMap used for the fluentd.conf configuration file; allows users to override the default.
*/}}
{{- define "fluentd.mainConfigMapName" -}}
{{- if .Values.mainConfigMapNameOverride -}}
{{ .Values.mainConfigMapNameOverride }}
{{- else -}}
{{ printf "%s-%s" "fluentd-main" ( include "fluentd.shortReleaseName" . ) }}
{{- end -}}
{{- end -}}
{{/*
Name of the configMap used for additional configuration files; allows users to override the default.
*/}}
{{- define "fluentd.extraFilesConfigMapName" -}}
{{- if .Values.extraFilesConfigMapNameOverride -}}
{{ printf "%s" .Values.extraFilesConfigMapNameOverride }}
{{- else -}}
{{ printf "%s-%s" "fluentd-config" ( include "fluentd.shortReleaseName" . ) }}
{{- end -}}
{{- end -}}

View File

@ -33,13 +33,15 @@ containers:
{{- end }} {{- end }}
exec /fluentd/entrypoint.sh exec /fluentd/entrypoint.sh
{{- end }} {{- end }}
{{- if .Values.env }}
env: env:
{{- toYaml .Values.env | nindent 6 }} - name: FLUENTD_CONF
value: "../../../etc/fluent/fluent.conf"
{{- if .Values.env }}
{{- toYaml .Values.env | nindent 4 }}
{{- end }} {{- end }}
{{- if .Values.envFrom }} {{- if .Values.envFrom }}
envFrom: envFrom:
{{- toYaml .Values.envFrom | nindent 6 }} {{- toYaml .Values.envFrom | nindent 4 }}
{{- end }} {{- end }}
ports: ports:
- name: metrics - name: metrics
@ -61,21 +63,56 @@ containers:
resources: resources:
{{- toYaml .Values.resources | nindent 8 }} {{- toYaml .Values.resources | nindent 8 }}
volumeMounts: volumeMounts:
{{- toYaml .Values.volumeMounts | nindent 6 }} - name: etcfluentd-main
mountPath: /etc/fluent
- name: etcfluentd-config
mountPath: /etc/fluent/config.d/
{{- if .Values.mountVarLogDirectory }}
- name: varlog
mountPath: /var/log
{{- end }}
{{- if .Values.mountDockerContainersDirectory }}
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
{{- end }}
{{- if .Values.volumeMounts -}}
{{- toYaml .Values.volumeMounts | nindent 4 }}
{{- end -}}
{{- range $key := .Values.configMapConfigs }} {{- range $key := .Values.configMapConfigs }}
{{- print "- name: fluentd-custom-cm-" $key | nindent 6 }} {{- print "- name: " $key | nindent 4 }}
{{- print "mountPath: /etc/fluent/" $key ".d" | nindent 8 }} {{- print "mountPath: /etc/fluent/" $key ".d" | nindent 6 }}
{{- end }} {{- end }}
{{- if .Values.persistence.enabled }} {{- if .Values.persistence.enabled }}
- mountPath: /var/log/fluent - mountPath: /var/log/fluent
name: {{ include "fluentd.fullname" . }}-buffer name: {{ include "fluentd.fullname" . }}-buffer
{{- end }} {{- end }}
volumes: volumes:
{{- toYaml .Values.volumes | nindent 2 }} - name: etcfluentd-main
{{- range $key := .Values.configMapConfigs }}
{{- print "- name: fluentd-custom-cm-" $key | nindent 2 }}
configMap: configMap:
{{- print "name: " . | nindent 6 }} name: {{ include "fluentd.mainConfigMapName" . }}
defaultMode: 0777
- name: etcfluentd-config
configMap:
name: {{ include "fluentd.extraFilesConfigMapName" . }}
defaultMode: 0777
{{- if .Values.mountVarLogDirectory }}
- name: varlog
hostPath:
path: /var/log
{{- end }}
{{- if .Values.mountDockerContainersDirectory }}
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
{{- end }}
{{- if .Values.volumes -}}
{{- toYaml .Values.volumes | nindent 0 }}
{{- end -}}
{{- range $key := .Values.configMapConfigs }}
{{- print "- name: " $key | nindent 0 }}
configMap:
{{- print "name: " $key "-" ( include "fluentd.shortReleaseName" $ ) | nindent 4 }}
defaultMode: 0777 defaultMode: 0777
{{- end }} {{- end }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
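Review bot: the `etcfluentd-main`, `etcfluentd-config` and `configMapConfigs` volumes are all mounted with `defaultMode: 0777`, and because they are now hard-coded in the template, users can no longer tighten that through `volumes`. Configuration files only need to be read, so `0444` (or `0644`) is enough. Also, `varlog` is mounted without `readOnly: true` while `varlibdockercontainers` has it; if write access to `/var/log` is intentional, say so in a comment.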

View File

@ -15,6 +15,7 @@ rules:
- get - get
- list - list
- watch - watch
{{- if and .Values.podSecurityPolicy.enabled (semverCompare "<1.25-0" .Capabilities.KubeVersion.GitVersion) }}
- apiGroups: - apiGroups:
- policy - policy
resourceNames: resourceNames:
@ -23,4 +24,5 @@ rules:
- podsecuritypolicies - podsecuritypolicies
verbs: verbs:
- use - use
{{- end }}
{{- end -}} {{- end -}}

View File

@ -3,7 +3,7 @@
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: dashboard-{{ trimSuffix ".json" (base $path) }} name: dashboard-{{ trimSuffix ".json" (base $path) }}-{{ include "fluentd.shortReleaseName" $ }}
namespace: {{ $.Values.dashboards.namespace | default $.Release.Namespace }} namespace: {{ $.Values.dashboards.namespace | default $.Release.Namespace }}
labels: labels:
{{- include "fluentd.labels" $ | nindent 4 }} {{- include "fluentd.labels" $ | nindent 4 }}

View File

@ -3,7 +3,7 @@ kind: ConfigMap
metadata: metadata:
labels: labels:
{{- include "fluentd.labels" . | nindent 4 }} {{- include "fluentd.labels" . | nindent 4 }}
name: fluentd-prometheus-conf name: fluentd-prometheus-conf-{{ include "fluentd.shortReleaseName" . }}
data: data:
prometheus.conf: |- prometheus.conf: |-
<source> <source>

View File

@ -1,7 +1,9 @@
{{- if not .Values.extraFilesConfigMapNameOverride }}
---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: fluentd-config name: fluentd-config-{{ include "fluentd.shortReleaseName" . }}
labels: labels:
{{- include "fluentd.labels" . | nindent 4 }} {{- include "fluentd.labels" . | nindent 4 }}
data: data:
@ -9,13 +11,14 @@ data:
{{$key }}: |- {{$key }}: |-
{{- (tpl $value $) | nindent 4 }} {{- (tpl $value $) | nindent 4 }}
{{- end }} {{- end }}
{{- end }}
{{- if not .Values.mainConfigMapNameOverride }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: fluentd-main name: fluentd-main-{{ include "fluentd.shortReleaseName" . }}
labels: labels:
{{- include "fluentd.labels" . | nindent 4 }} {{- include "fluentd.labels" . | nindent 4 }}
data: data:
@ -32,3 +35,4 @@ data:
{{- range $key := .Values.configMapConfigs }} {{- range $key := .Values.configMapConfigs }}
{{- print "@include " $key ".d/*" | nindent 4 }} {{- print "@include " $key ".d/*" | nindent 4 }}
{{- end }} {{- end }}
{{- end }}

View File

@ -1,4 +1,4 @@
{{- if .Values.podSecurityPolicy.enabled }} {{- if and .Values.podSecurityPolicy.enabled (semverCompare "<1.25-0" .Capabilities.KubeVersion.GitVersion) -}}
apiVersion: policy/v1beta1 apiVersion: policy/v1beta1
kind: PodSecurityPolicy kind: PodSecurityPolicy
metadata: metadata:
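Review bot: the version guard on the first line is applied to this template only. Any other template that tests `.Values.podSecurityPolicy.enabled` on its own (for example an RBAC rule granting `use` on the policy) would still render on 1.25+ and refer to a policy that is no longer created, so consider moving the `and ... semverCompare` expression into a named helper and using it everywhere. The result also depends on `.Capabilities.KubeVersion`, so offline rendering with `helm template` needs `--kube-version`, as the update script in this commit already passes for the ECK CRDs.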

View File

@ -27,8 +27,9 @@ serviceAccount:
rbac: rbac:
create: true create: true
# Configure podsecuritypolicy # from Kubernetes 1.25, PSP is deprecated
# Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ # See: https://kubernetes.io/blog/2022/08/23/kubernetes-v1-25-release/#pod-security-changes
# We automatically disable PSP if Kubernetes version is 1.25 or higher
podSecurityPolicy: podSecurityPolicy:
enabled: true enabled: true
annotations: {} annotations: {}
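Review bot: the replacement comment above `podSecurityPolicy` says PSP is deprecated from Kubernetes 1.25, but PodSecurityPolicy was deprecated in 1.21 and removed in 1.25, which is what the linked release post covers and why the template has to be skipped; please write "removed". Since `enabled: true` stays the default while nothing is rendered on 1.25+, the comment should also say whether the chart applies any replacement there, so operators know if they have to set Pod Security Admission labels on the namespace themselves.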
@ -163,9 +164,9 @@ updateStrategy: {}
# maxUnavailable: 1 # maxUnavailable: 1
## Additional environment variables to set for fluentd pods ## Additional environment variables to set for fluentd pods
env: env: []
- name: "FLUENTD_CONF" # - name: "FLUENTD_CONF"
value: "../../../etc/fluent/fluent.conf" # value: "../../../etc/fluent/fluent.conf"
# - name: FLUENT_ELASTICSEARCH_HOST # - name: FLUENT_ELASTICSEARCH_HOST
# value: "elasticsearch-master" # value: "elasticsearch-master"
# - name: FLUENT_ELASTICSEARCH_PORT # - name: FLUENT_ELASTICSEARCH_PORT
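Review bot: `env` now defaults to an empty list and `FLUENTD_CONF` survives only as a commented example, and nothing in this hunk shows where the variable is set instead. Please confirm that the pod template supplies the config path itself, and say so in the comment, so that an empty `env` does not leave fluentd reading a config other than the chart's main ConfigMap.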
@ -175,32 +176,19 @@ envFrom: []
initContainers: [] initContainers: []
volumes: ## Name of the configMap containing a custom fluentd.conf configuration file to use instead of the default.
- name: varlog # mainConfigMapNameOverride: ""
hostPath:
path: /var/log
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
- name: etcfluentd-main
configMap:
name: fluentd-main
defaultMode: 0777
- name: etcfluentd-config
configMap:
name: fluentd-config
defaultMode: 0777
volumeMounts: ## Name of the configMap containing files to be placed under /etc/fluent/config.d/
- name: varlog ## NOTE: This will replace ALL default files in the aforementioned path!
mountPath: /var/log # extraFilesConfigMapNameOverride: ""
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers mountVarLogDirectory: true
readOnly: true mountDockerContainersDirectory: true
- name: etcfluentd-main
mountPath: /etc/fluent volumes: []
- name: etcfluentd-config
mountPath: /etc/fluent/config.d/ volumeMounts: []
## Only available if kind is StatefulSet ## Only available if kind is StatefulSet
## Fluentd persistence ## Fluentd persistence
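Review bot: `mountDockerContainersDirectory: true` keeps a hostPath mount of `/var/lib/docker/containers` on by default, although this bump targets 1.26, where dockershim is gone and nodes running containerd do not use that path; defaulting it to `false` removes an unneeded host mount. The explicit lists removed here carried `readOnly: true` on that mount and `defaultMode: 0777` on both ConfigMap volumes. The templates that now generate the mounts are not part of this hunk, so please confirm they keep the read-only flag and use the Kubernetes default mode of 0644 or stricter for the config files.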
@ -295,8 +283,8 @@ plugins: []
## Add fluentd config files from K8s configMaps ## Add fluentd config files from K8s configMaps
## ##
configMapConfigs: configMapConfigs: []
- fluentd-prometheus-conf # - fluentd-prometheus-conf
# - fluentd-systemd-conf # - fluentd-systemd-conf
## Fluentd configurations: ## Fluentd configurations:
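Review bot: the commented example `# - fluentd-prometheus-conf` no longer matches any ConfigMap the chart creates, because the template in this commit now names it `fluentd-prometheus-conf-{{ include "fluentd.shortReleaseName" . }}`. Anyone uncommenting the line would get an `@include` generated for a name that does not exist. Update the example to show the suffixed name, or resolve the suffix in the template that consumes `configMapConfigs`.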

View File

@ -1,90 +1,3 @@
diff -tubrN charts/fluentd/templates/files.conf/systemd.yaml charts/fluentd.zdt/templates/files.conf/systemd.yaml
--- charts/fluentd/templates/files.conf/systemd.yaml 2021-02-12 18:13:04.000000000 +0100
+++ charts/fluentd.zdt/templates/files.conf/systemd.yaml 1970-01-01 01:00:00.000000000 +0100
@@ -1,83 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- {{- include "fluentd.labels" . | nindent 4 }}
- name: fluentd-systemd-conf
-data:
- systemd.conf: |-
- <source>
- @type systemd
- @id in_systemd_internal_kubernetes
- @label @KUBERNETES_SYSTEM
- matches [{"_SYSTEMD_UNIT":"kubelet.service"},{"_SYSTEMD_UNIT":"kube-apiserver.service"},{"_SYSTEMD_UNIT":"kube-controller-manager.service"},{"_SYSTEMD_UNIT":"kube-proxy.service"},{"_SYSTEMD_UNIT":"kube-scheduler.service"}]
- read_from_head true
- tag "internal-kubernetes.systemd"
- <storage>
- @type "local"
- persistent true
- path "/var/log/fluentd-journald-internal_kubernetes-cursor.json"
- </storage>
- <entry>
- fields_strip_underscores true
- field_map {"MESSAGE": "message", "_TRANSPORT": "stream", "_SYSTEMD_UNIT": "systemd_unit", "_HOSTNAME": "hostname"}
- field_map_strict true
- </entry>
- </source>
-
- <source>
- @type systemd
- @id in_systemd_etcd
- @label @KUBERNETES_SYSTEM
- matches [{"_SYSTEMD_UNIT":"etcd.service"}]
- read_from_head true
- tag "etcd.systemd"
- <storage>
- @type "local"
- persistent true
- path "/var/log/fluentd-journald-internal_etcd-cursor.json"
- </storage>
- <entry>
- fields_strip_underscores true
- field_map {"MESSAGE": "message", "_TRANSPORT": "stream", "_SYSTEMD_UNIT": "systemd_unit", "_HOSTNAME": "hostname"}
- field_map_strict true
- </entry>
- </source>
-
- <label @KUBERNETES_SYSTEM>
- <filter internal-kubernetes.systemd>
- @type parser
- key_name message
- <parse>
- @type regexp
- expression /^(?<level>[a-zA-Z])[0-9]* ([\d:.]+)\s+\d+ (?<file>[a-zA-Z-_.]+):(?<line>[\d]+)\]\s+(?<log>.*)$/
- </parse>
- reserve_data true
- reserve_time true
- </filter>
-
- <filter etcd.systemd>
- @type parser
- key_name message
- <parse>
- @type regexp
- expression /^([^ ]+\s[^ ]+) (?<level>[A-Z]) \| (?<component>[a-zA-Z-_.]+): (?<log>.*)$/
- </parse>
- reserve_data true
- reserve_time true
- </filter>
-
- <filter **>
- @type record_transformer
- enable_ruby
- <record>
- raw ${record["message"]}
- </record>
- remove_keys message
- </filter>
-
- <match **>
- @type relabel
- @label @DISPATCH
- </match>
- </label>
diff -tubrN charts/fluentd/templates/fluentd-configurations-cm.yaml charts/fluentd.zdt/templates/fluentd-configurations-cm.yaml diff -tubrN charts/fluentd/templates/fluentd-configurations-cm.yaml charts/fluentd.zdt/templates/fluentd-configurations-cm.yaml
--- charts/fluentd/templates/fluentd-configurations-cm.yaml 2021-02-12 18:13:04.000000000 +0100 --- charts/fluentd/templates/fluentd-configurations-cm.yaml 2021-02-12 18:13:04.000000000 +0100
+++ charts/fluentd.zdt/templates/fluentd-configurations-cm.yaml 2021-03-09 17:54:34.904992401 +0100 +++ charts/fluentd.zdt/templates/fluentd-configurations-cm.yaml 2021-03-09 17:54:34.904992401 +0100

View File

@ -11,13 +11,17 @@ patch_chart eck-operator
# fix ECK crds handling to adhere to proper helm v3 support which also fixes ArgoCD applying updates on upgrades # fix ECK crds handling to adhere to proper helm v3 support which also fixes ArgoCD applying updates on upgrades
mkdir charts/eck-operator/crds mkdir charts/eck-operator/crds
helm template charts/eck-operator/charts/eck-operator-crds --name-template logging > charts/eck-operator/crds/all-crds.yaml helm template charts/eck-operator/charts/eck-operator-crds --name-template logging --kube-version 1.26 > charts/eck-operator/crds/all-crds.yaml
rm -rf charts/eck-operator/charts rm -rf charts/eck-operator/charts
yq eval -Mi 'del(.dependencies)' charts/eck-operator/Chart.yaml yq eval -Mi 'del(.dependencies)' charts/eck-operator/Chart.yaml
# fluent-bit
patch_chart fluent-bit
# FluentD # FluentD
patch_chart fluentd patch_chart fluentd
rm -f charts/fluentd/templates/files.conf/systemd.yaml
# Fetch dashboards from Grafana.com and update ZDT CM # Fetch dashboards from Grafana.com and update ZDT CM
../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/fluent-bit/grafana-dashboards.yaml ../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/fluent-bit/grafana-dashboards.yaml
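Review bot: `rm -f charts/fluentd/templates/files.conf/systemd.yaml` replaces the deletion that the patch file used to carry, but `-f` exits successfully when the path is absent. If upstream renames or moves the file, the script still passes and the systemd ConfigMap ships again unnoticed, whereas the old patch hunk would have failed to apply. Test for the file first and abort when it is missing, so a layout change upstream stops the update. The hard-coded `--kube-version 1.26` on the `helm template` line would also be easier to keep in step with the release if it came from a single variable.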

View File

@ -244,7 +244,7 @@ fluent-bit:
image: image:
#repository: public.ecr.aws/zero-downtime/fluent-bit #repository: public.ecr.aws/zero-downtime/fluent-bit
tag: 2.0.10 #tag: 2.0.10
testFramework: testFramework:
enabled: false enabled: false
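Review bot: commenting out `tag` leaves `image:` with only comments beneath it, so unless `testFramework` is nested under it, the key parses as null rather than as an empty map. Helm documents a null value as deleting the chart default for that key, so the subchart's own `image.repository` and `image.tag` defaults may be dropped instead of used. Comment out the `image:` line as well, or write `image: {}`.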

View File

@ -93,7 +93,7 @@ metrics:
logging: logging:
enabled: false enabled: false
namespace: logging namespace: logging
targetRevision: 0.8.6 targetRevision: 0.8.7
argocd: argocd:
enabled: false enabled: false