Version bump logging module for 1.26
This commit is contained in:
parent
ee99a3bbde
commit
7081bf1144
@ -21,3 +21,4 @@
|
|||||||
.idea/
|
.idea/
|
||||||
*.tmproj
|
*.tmproj
|
||||||
.vscode/
|
.vscode/
|
||||||
|
templates/tests
|
@ -1,9 +1,10 @@
|
|||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 2.4.0
|
appVersion: 2.9.0
|
||||||
description: 'A Helm chart for deploying the Elastic Cloud on Kubernetes (ECK) operator: the official Kubernetes operator for orchestrating Elasticsearch, Kibana, APM Server, Enterprise Search, and Beats.'
|
description: Elastic Cloud on Kubernetes (ECK) operator
|
||||||
home: https://github.com/elastic/cloud-on-k8s
|
home: https://github.com/elastic/cloud-on-k8s
|
||||||
icon: https://helm.elastic.co/icons/eck.png
|
icon: https://helm.elastic.co/icons/eck.png
|
||||||
keywords:
|
keywords:
|
||||||
|
- Logstash
|
||||||
- Elasticsearch
|
- Elasticsearch
|
||||||
- Kibana
|
- Kibana
|
||||||
- APM Server
|
- APM Server
|
||||||
@ -11,10 +12,10 @@ keywords:
|
|||||||
- Enterprise Search
|
- Enterprise Search
|
||||||
- Elastic Stack
|
- Elastic Stack
|
||||||
- Operator
|
- Operator
|
||||||
kubeVersion: '>=1.12.0-0'
|
kubeVersion: '>=1.21.0-0'
|
||||||
maintainers:
|
maintainers:
|
||||||
- email: eck@elastic.co
|
- email: eck@elastic.co
|
||||||
name: Elastic
|
name: Elastic
|
||||||
name: eck-operator
|
name: eck-operator
|
||||||
type: application
|
type: application
|
||||||
version: 2.4.0
|
version: 2.9.0
|
||||||
|
93
charts/kubezero-logging/charts/eck-operator/LICENSE
Normal file
93
charts/kubezero-logging/charts/eck-operator/LICENSE
Normal file
@ -0,0 +1,93 @@
|
|||||||
|
Elastic License 2.0
|
||||||
|
|
||||||
|
URL: https://www.elastic.co/licensing/elastic-license
|
||||||
|
|
||||||
|
## Acceptance
|
||||||
|
|
||||||
|
By using the software, you agree to all of the terms and conditions below.
|
||||||
|
|
||||||
|
## Copyright License
|
||||||
|
|
||||||
|
The licensor grants you a non-exclusive, royalty-free, worldwide,
|
||||||
|
non-sublicensable, non-transferable license to use, copy, distribute, make
|
||||||
|
available, and prepare derivative works of the software, in each case subject to
|
||||||
|
the limitations and conditions below.
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
|
||||||
|
You may not provide the software to third parties as a hosted or managed
|
||||||
|
service, where the service provides users with access to any substantial set of
|
||||||
|
the features or functionality of the software.
|
||||||
|
|
||||||
|
You may not move, change, disable, or circumvent the license key functionality
|
||||||
|
in the software, and you may not remove or obscure any functionality in the
|
||||||
|
software that is protected by the license key.
|
||||||
|
|
||||||
|
You may not alter, remove, or obscure any licensing, copyright, or other notices
|
||||||
|
of the licensor in the software. Any use of the licensor’s trademarks is subject
|
||||||
|
to applicable law.
|
||||||
|
|
||||||
|
## Patents
|
||||||
|
|
||||||
|
The licensor grants you a license, under any patent claims the licensor can
|
||||||
|
license, or becomes able to license, to make, have made, use, sell, offer for
|
||||||
|
sale, import and have imported the software, in each case subject to the
|
||||||
|
limitations and conditions in this license. This license does not cover any
|
||||||
|
patent claims that you cause to be infringed by modifications or additions to
|
||||||
|
the software. If you or your company make any written claim that the software
|
||||||
|
infringes or contributes to infringement of any patent, your patent license for
|
||||||
|
the software granted under these terms ends immediately. If your company makes
|
||||||
|
such a claim, your patent license ends immediately for work on behalf of your
|
||||||
|
company.
|
||||||
|
|
||||||
|
## Notices
|
||||||
|
|
||||||
|
You must ensure that anyone who gets a copy of any part of the software from you
|
||||||
|
also gets a copy of these terms.
|
||||||
|
|
||||||
|
If you modify the software, you must include in any modified copies of the
|
||||||
|
software prominent notices stating that you have modified the software.
|
||||||
|
|
||||||
|
## No Other Rights
|
||||||
|
|
||||||
|
These terms do not imply any licenses other than those expressly granted in
|
||||||
|
these terms.
|
||||||
|
|
||||||
|
## Termination
|
||||||
|
|
||||||
|
If you use the software in violation of these terms, such use is not licensed,
|
||||||
|
and your licenses will automatically terminate. If the licensor provides you
|
||||||
|
with a notice of your violation, and you cease all violation of this license no
|
||||||
|
later than 30 days after you receive that notice, your licenses will be
|
||||||
|
reinstated retroactively. However, if you violate these terms after such
|
||||||
|
reinstatement, any additional violation of these terms will cause your licenses
|
||||||
|
to terminate automatically and permanently.
|
||||||
|
|
||||||
|
## No Liability
|
||||||
|
|
||||||
|
*As far as the law allows, the software comes as is, without any warranty or
|
||||||
|
condition, and the licensor will not be liable to you for any damages arising
|
||||||
|
out of these terms or the use or nature of the software, under any kind of
|
||||||
|
legal claim.*
|
||||||
|
|
||||||
|
## Definitions
|
||||||
|
|
||||||
|
The **licensor** is the entity offering these terms, and the **software** is the
|
||||||
|
software the licensor makes available under these terms, including any portion
|
||||||
|
of it.
|
||||||
|
|
||||||
|
**you** refers to the individual or entity agreeing to these terms.
|
||||||
|
|
||||||
|
**your company** is any legal entity, sole proprietorship, or other kind of
|
||||||
|
organization that you work for, plus all organizations that have control over,
|
||||||
|
are under the control of, or are under common control with that
|
||||||
|
organization. **control** means ownership of substantially all the assets of an
|
||||||
|
entity, or the power to direct its management and policies by vote, contract, or
|
||||||
|
otherwise. Control can be direct or indirect.
|
||||||
|
|
||||||
|
**your licenses** are all the licenses granted to you for the software under
|
||||||
|
these terms.
|
||||||
|
|
||||||
|
**use** means anything you do with the software requiring one of your licenses.
|
||||||
|
|
||||||
|
**trademark** means trademarks, service marks, and similar rights.
|
File diff suppressed because it is too large
Load Diff
@ -206,6 +206,19 @@ updating docs/operating-eck/eck-permissions.asciidoc file.
|
|||||||
- create
|
- create
|
||||||
- update
|
- update
|
||||||
- patch
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- autoscaling.k8s.elastic.co
|
||||||
|
resources:
|
||||||
|
- elasticsearchautoscalers
|
||||||
|
- elasticsearchautoscalers/status
|
||||||
|
- elasticsearchautoscalers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- create
|
||||||
|
- update
|
||||||
|
- patch
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- kibana.k8s.elastic.co
|
- kibana.k8s.elastic.co
|
||||||
resources:
|
resources:
|
||||||
@ -284,6 +297,32 @@ updating docs/operating-eck/eck-permissions.asciidoc file.
|
|||||||
- create
|
- create
|
||||||
- update
|
- update
|
||||||
- patch
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- stackconfigpolicy.k8s.elastic.co
|
||||||
|
resources:
|
||||||
|
- stackconfigpolicies
|
||||||
|
- stackconfigpolicies/status
|
||||||
|
- stackconfigpolicies/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- create
|
||||||
|
- update
|
||||||
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- logstash.k8s.elastic.co
|
||||||
|
resources:
|
||||||
|
- logstashes
|
||||||
|
- logstashes/status
|
||||||
|
- logstashes/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- create
|
||||||
|
- update
|
||||||
|
- patch
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{/*
|
{{/*
|
||||||
|
@ -26,6 +26,9 @@ rules:
|
|||||||
- apiGroups: ["elasticsearch.k8s.elastic.co"]
|
- apiGroups: ["elasticsearch.k8s.elastic.co"]
|
||||||
resources: ["elasticsearches"]
|
resources: ["elasticsearches"]
|
||||||
verbs: ["get", "list", "watch"]
|
verbs: ["get", "list", "watch"]
|
||||||
|
- apiGroups: ["autoscaling.k8s.elastic.co"]
|
||||||
|
resources: ["elasticsearchautoscalers"]
|
||||||
|
verbs: ["get", "list", "watch"]
|
||||||
- apiGroups: ["apm.k8s.elastic.co"]
|
- apiGroups: ["apm.k8s.elastic.co"]
|
||||||
resources: ["apmservers"]
|
resources: ["apmservers"]
|
||||||
verbs: ["get", "list", "watch"]
|
verbs: ["get", "list", "watch"]
|
||||||
@ -44,6 +47,12 @@ rules:
|
|||||||
- apiGroups: ["maps.k8s.elastic.co"]
|
- apiGroups: ["maps.k8s.elastic.co"]
|
||||||
resources: ["elasticmapsservers"]
|
resources: ["elasticmapsservers"]
|
||||||
verbs: ["get", "list", "watch"]
|
verbs: ["get", "list", "watch"]
|
||||||
|
- apiGroups: ["stackconfigpolicy.k8s.elastic.co"]
|
||||||
|
resources: ["stackconfigpolicies"]
|
||||||
|
verbs: ["get", "list", "watch"]
|
||||||
|
- apiGroups: ["logstash.k8s.elastic.co"]
|
||||||
|
resources: ["logstashes"]
|
||||||
|
verbs: ["get", "list", "watch"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
@ -57,6 +66,9 @@ rules:
|
|||||||
- apiGroups: ["elasticsearch.k8s.elastic.co"]
|
- apiGroups: ["elasticsearch.k8s.elastic.co"]
|
||||||
resources: ["elasticsearches"]
|
resources: ["elasticsearches"]
|
||||||
verbs: ["create", "delete", "deletecollection", "patch", "update"]
|
verbs: ["create", "delete", "deletecollection", "patch", "update"]
|
||||||
|
- apiGroups: ["autoscaling.k8s.elastic.co"]
|
||||||
|
resources: ["elasticsearchautoscalers"]
|
||||||
|
verbs: ["create", "delete", "deletecollection", "patch", "update"]
|
||||||
- apiGroups: ["apm.k8s.elastic.co"]
|
- apiGroups: ["apm.k8s.elastic.co"]
|
||||||
resources: ["apmservers"]
|
resources: ["apmservers"]
|
||||||
verbs: ["create", "delete", "deletecollection", "patch", "update"]
|
verbs: ["create", "delete", "deletecollection", "patch", "update"]
|
||||||
@ -75,4 +87,10 @@ rules:
|
|||||||
- apiGroups: ["maps.k8s.elastic.co"]
|
- apiGroups: ["maps.k8s.elastic.co"]
|
||||||
resources: ["elasticmapsservers"]
|
resources: ["elasticmapsservers"]
|
||||||
verbs: ["create", "delete", "deletecollection", "patch", "update"]
|
verbs: ["create", "delete", "deletecollection", "patch", "update"]
|
||||||
|
- apiGroups: ["stackconfigpolicy.k8s.elastic.co"]
|
||||||
|
resources: ["stackconfigpolicies"]
|
||||||
|
verbs: ["create", "delete", "deletecollection", "patch", "update"]
|
||||||
|
- apiGroups: ["logstash.k8s.elastic.co"]
|
||||||
|
resources: ["logstashes"]
|
||||||
|
verbs: ["create", "delete", "deletecollection", "patch", "update"]
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
@ -11,21 +11,33 @@ data:
|
|||||||
log-verbosity: {{ int .Values.config.logVerbosity }}
|
log-verbosity: {{ int .Values.config.logVerbosity }}
|
||||||
metrics-port: {{ int .Values.config.metricsPort }}
|
metrics-port: {{ int .Values.config.metricsPort }}
|
||||||
container-registry: {{ .Values.config.containerRegistry }}
|
container-registry: {{ .Values.config.containerRegistry }}
|
||||||
|
{{- with .Values.config.containerSuffix }}
|
||||||
|
container-suffix: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.config.containerRepository }}
|
||||||
|
container-repository: {{ . }}
|
||||||
|
{{- end }}
|
||||||
max-concurrent-reconciles: {{ int .Values.config.maxConcurrentReconciles }}
|
max-concurrent-reconciles: {{ int .Values.config.maxConcurrentReconciles }}
|
||||||
|
{{- with .Values.config.passwordHashCacheSize }}
|
||||||
|
password-hash-cache-size: {{ int . }}
|
||||||
|
{{- end }}
|
||||||
ca-cert-validity: {{ .Values.config.caValidity }}
|
ca-cert-validity: {{ .Values.config.caValidity }}
|
||||||
ca-cert-rotate-before: {{ .Values.config.caRotateBefore }}
|
ca-cert-rotate-before: {{ .Values.config.caRotateBefore }}
|
||||||
cert-validity: {{ .Values.config.certificatesValidity }}
|
cert-validity: {{ .Values.config.certificatesValidity }}
|
||||||
cert-rotate-before: {{ .Values.config.certificatesRotateBefore }}
|
cert-rotate-before: {{ .Values.config.certificatesRotateBefore }}
|
||||||
{{- if .Values.config.exposedNodeLabels }}
|
{{- with .Values.config.exposedNodeLabels }}
|
||||||
exposed-node-labels: [{{ join "," .Values.config.exposedNodeLabels }}]
|
exposed-node-labels: [{{ join "," . }}]
|
||||||
{{- end }}
|
{{- end }}
|
||||||
set-default-security-context: {{ .Values.config.setDefaultSecurityContext }}
|
set-default-security-context: {{ .Values.config.setDefaultSecurityContext }}
|
||||||
kube-client-timeout: {{ .Values.config.kubeClientTimeout }}
|
kube-client-timeout: {{ .Values.config.kubeClientTimeout }}
|
||||||
|
{{- with .Values.config.kubeClientQPS }}
|
||||||
|
kube-client-qps: {{ int . }}
|
||||||
|
{{- end }}
|
||||||
elasticsearch-client-timeout: {{ .Values.config.elasticsearchClientTimeout }}
|
elasticsearch-client-timeout: {{ .Values.config.elasticsearchClientTimeout }}
|
||||||
disable-telemetry: {{ .Values.telemetry.disabled }}
|
disable-telemetry: {{ .Values.telemetry.disabled }}
|
||||||
distribution-channel: {{ .Values.telemetry.distributionChannel }}
|
distribution-channel: {{ .Values.telemetry.distributionChannel }}
|
||||||
{{- if .Values.telemetry.interval }}
|
{{- with .Values.telemetry.interval }}
|
||||||
telemetry-interval: {{ .Values.telemetry.interval }}
|
telemetry-interval: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
validate-storage-class: {{ .Values.config.validateStorageClass }}
|
validate-storage-class: {{ .Values.config.validateStorageClass }}
|
||||||
{{- if .Values.tracing.enabled }}
|
{{- if .Values.tracing.enabled }}
|
||||||
@ -41,8 +53,10 @@ data:
|
|||||||
manage-webhook-certs: false
|
manage-webhook-certs: false
|
||||||
webhook-cert-dir: {{ .Values.webhook.certsDir }}
|
webhook-cert-dir: {{ .Values.webhook.certsDir }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
webhook-port: {{ .Values.webhook.port }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.managedNamespaces }}
|
{{- with .Values.managedNamespaces }}
|
||||||
namespaces: [{{ join "," .Values.managedNamespaces }}]
|
namespaces: [{{ join "," . }}]
|
||||||
{{- end }}
|
{{- end }}
|
||||||
enable-leader-election: {{ .Values.config.enableLeaderElection }}
|
enable-leader-election: {{ .Values.config.enableLeaderElection }}
|
||||||
|
elasticsearch-observation-interval: {{ .Values.config.elasticsearchObservationInterval }}
|
||||||
|
@ -44,7 +44,7 @@ spec:
|
|||||||
ingress:
|
ingress:
|
||||||
{{- if .Values.webhook.enabled }}
|
{{- if .Values.webhook.enabled }}
|
||||||
- ports:
|
- ports:
|
||||||
- port: 9443
|
- port: {{ .Values.webhook.port }}
|
||||||
from:
|
from:
|
||||||
- ipBlock:
|
- ipBlock:
|
||||||
cidr: "{{ $kubeAPIServerIP }}/32"
|
cidr: "{{ $kubeAPIServerIP }}/32"
|
||||||
|
@ -0,0 +1,19 @@
|
|||||||
|
{{- if .Values.podDisruptionBudget.enabled }}
|
||||||
|
apiVersion: policy/v1
|
||||||
|
kind: PodDisruptionBudget
|
||||||
|
metadata:
|
||||||
|
name: {{ include "eck-operator.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "eck-operator.labels" . | indent 4 }}
|
||||||
|
spec:
|
||||||
|
{{- with .Values.podDisruptionBudget.minAvailable }}
|
||||||
|
minAvailable: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.podDisruptionBudget.maxUnavailable }}
|
||||||
|
maxUnavailable: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "eck-operator.selectorLabels" . | indent 6 }}
|
||||||
|
{{- end -}}
|
@ -6,8 +6,8 @@ metadata:
|
|||||||
name: {{ include "eck-operator.fullname" . }}
|
name: {{ include "eck-operator.fullname" . }}
|
||||||
namespace: {{ ternary .Values.podMonitor.namespace .Release.Namespace (not (empty .Values.podMonitor.namespace)) }}
|
namespace: {{ ternary .Values.podMonitor.namespace .Release.Namespace (not (empty .Values.podMonitor.namespace)) }}
|
||||||
labels: {{- include "eck-operator.labels" . | nindent 4 }}
|
labels: {{- include "eck-operator.labels" . | nindent 4 }}
|
||||||
{{- if .Values.podMonitor.labels }}
|
{{- with .Values.podMonitor.labels }}
|
||||||
{{- toYaml .Values.podMonitor.labels | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.podMonitor.annotations }}
|
{{- with .Values.podMonitor.annotations }}
|
||||||
annotations: {{- toYaml . | nindent 4 }}
|
annotations: {{- toYaml . | nindent 4 }}
|
||||||
@ -19,14 +19,14 @@ spec:
|
|||||||
podMetricsEndpoints:
|
podMetricsEndpoints:
|
||||||
- port: metrics
|
- port: metrics
|
||||||
path: /metrics
|
path: /metrics
|
||||||
{{- if .Values.podMonitor.interval }}
|
{{- with .Values.podMonitor.interval }}
|
||||||
interval: {{ .Values.podMonitor.interval }}
|
interval: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.podMonitor.scrapeTimeout }}
|
{{- with .Values.podMonitor.scrapeTimeout }}
|
||||||
scrapeTimeout: {{ .Values.podMonitor.scrapeTimeout }}
|
scrapeTimeout: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.podMonitor.podMetricsEndpointConfig }}
|
{{- with .Values.podMonitor.podMetricsEndpointConfig }}
|
||||||
{{- toYaml .Values.podMonitor.podMetricsEndpointConfig | nindent 6 }}
|
{{- toYaml . | nindent 6 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
namespaceSelector:
|
namespaceSelector:
|
||||||
matchNames:
|
matchNames:
|
||||||
|
@ -31,8 +31,8 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
terminationGracePeriodSeconds: 10
|
terminationGracePeriodSeconds: 10
|
||||||
serviceAccountName: {{ include "eck-operator.serviceAccountName" . }}
|
serviceAccountName: {{ include "eck-operator.serviceAccountName" . }}
|
||||||
{{- if .Values.priorityClassName }}
|
{{- with .Values.priorityClassName }}
|
||||||
priorityClassName: {{ .Values.priorityClassName }}
|
priorityClassName: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.podSecurityContext }}
|
{{- with .Values.podSecurityContext }}
|
||||||
securityContext:
|
securityContext:
|
||||||
@ -87,7 +87,7 @@ spec:
|
|||||||
protocol: TCP
|
protocol: TCP
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.webhook.enabled }}
|
{{- if .Values.webhook.enabled }}
|
||||||
- containerPort: 9443
|
- containerPort: {{ .Values.webhook.port }}
|
||||||
name: https-webhook
|
name: https-webhook
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
{{- end }}
|
{{- end }}
|
||||||
@ -117,6 +117,10 @@ spec:
|
|||||||
{{- with .Values.volumes }}
|
{{- with .Values.volumes }}
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.hostNetwork }}
|
||||||
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
|
{{- end }}
|
||||||
{{- with .Values.nodeSelector }}
|
{{- with .Values.nodeSelector }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{- toYaml . | nindent 12 }}
|
{{- toYaml . | nindent 12 }}
|
||||||
|
@ -6,13 +6,15 @@ metadata:
|
|||||||
name: {{ include "eck-operator.webhookName" . }}
|
name: {{ include "eck-operator.webhookName" . }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "eck-operator.labels" . | nindent 4 }}
|
{{- include "eck-operator.labels" . | nindent 4 }}
|
||||||
{{- if .Values.webhook.certManagerCert }}
|
{{- with .Values.webhook.certManagerCert }}
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ .Values.webhook.certManagerCert }}"
|
cert-manager.io/inject-ca-from: "{{ $.Release.Namespace }}/{{ . }}"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
webhooks:
|
webhooks:
|
||||||
- clientConfig:
|
- clientConfig:
|
||||||
|
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
|
||||||
caBundle: {{ .Values.webhook.caBundle }}
|
caBundle: {{ .Values.webhook.caBundle }}
|
||||||
|
{{- end }}
|
||||||
service:
|
service:
|
||||||
name: {{ include "eck-operator.webhookServiceName" . }}
|
name: {{ include "eck-operator.webhookServiceName" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
@ -28,7 +30,7 @@ webhooks:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
name: elastic-agent-validation-v1alpha1.k8s.elastic.co
|
name: elastic-agent-validation-v1alpha1.k8s.elastic.co
|
||||||
matchPolicy: Exact
|
matchPolicy: Exact
|
||||||
admissionReviewVersions: [v1beta1]
|
admissionReviewVersions: [v1,v1beta1]
|
||||||
sideEffects: None
|
sideEffects: None
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
@ -41,7 +43,9 @@ webhooks:
|
|||||||
resources:
|
resources:
|
||||||
- agents
|
- agents
|
||||||
- clientConfig:
|
- clientConfig:
|
||||||
|
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
|
||||||
caBundle: {{ .Values.webhook.caBundle }}
|
caBundle: {{ .Values.webhook.caBundle }}
|
||||||
|
{{- end }}
|
||||||
service:
|
service:
|
||||||
name: {{ include "eck-operator.webhookServiceName" . }}
|
name: {{ include "eck-operator.webhookServiceName" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
@ -57,7 +61,7 @@ webhooks:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
name: elastic-apm-validation-v1.k8s.elastic.co
|
name: elastic-apm-validation-v1.k8s.elastic.co
|
||||||
matchPolicy: Exact
|
matchPolicy: Exact
|
||||||
admissionReviewVersions: [v1beta1]
|
admissionReviewVersions: [v1,v1beta1]
|
||||||
sideEffects: None
|
sideEffects: None
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
@ -70,7 +74,9 @@ webhooks:
|
|||||||
resources:
|
resources:
|
||||||
- apmservers
|
- apmservers
|
||||||
- clientConfig:
|
- clientConfig:
|
||||||
|
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
|
||||||
caBundle: {{ .Values.webhook.caBundle }}
|
caBundle: {{ .Values.webhook.caBundle }}
|
||||||
|
{{- end }}
|
||||||
service:
|
service:
|
||||||
name: {{ include "eck-operator.webhookServiceName" . }}
|
name: {{ include "eck-operator.webhookServiceName" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
@ -86,7 +92,7 @@ webhooks:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
name: elastic-apm-validation-v1beta1.k8s.elastic.co
|
name: elastic-apm-validation-v1beta1.k8s.elastic.co
|
||||||
matchPolicy: Exact
|
matchPolicy: Exact
|
||||||
admissionReviewVersions: [v1beta1]
|
admissionReviewVersions: [v1,v1beta1]
|
||||||
sideEffects: None
|
sideEffects: None
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
@ -99,7 +105,9 @@ webhooks:
|
|||||||
resources:
|
resources:
|
||||||
- apmservers
|
- apmservers
|
||||||
- clientConfig:
|
- clientConfig:
|
||||||
|
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
|
||||||
caBundle: {{ .Values.webhook.caBundle }}
|
caBundle: {{ .Values.webhook.caBundle }}
|
||||||
|
{{- end }}
|
||||||
service:
|
service:
|
||||||
name: {{ include "eck-operator.webhookServiceName" . }}
|
name: {{ include "eck-operator.webhookServiceName" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
@ -115,7 +123,7 @@ webhooks:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
name: elastic-beat-validation-v1beta1.k8s.elastic.co
|
name: elastic-beat-validation-v1beta1.k8s.elastic.co
|
||||||
matchPolicy: Exact
|
matchPolicy: Exact
|
||||||
admissionReviewVersions: [v1beta1]
|
admissionReviewVersions: [v1,v1beta1]
|
||||||
sideEffects: None
|
sideEffects: None
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
@ -128,7 +136,9 @@ webhooks:
|
|||||||
resources:
|
resources:
|
||||||
- beats
|
- beats
|
||||||
- clientConfig:
|
- clientConfig:
|
||||||
|
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
|
||||||
caBundle: {{ .Values.webhook.caBundle }}
|
caBundle: {{ .Values.webhook.caBundle }}
|
||||||
|
{{- end }}
|
||||||
service:
|
service:
|
||||||
name: {{ include "eck-operator.webhookServiceName" . }}
|
name: {{ include "eck-operator.webhookServiceName" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
@ -144,7 +154,7 @@ webhooks:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
name: elastic-ent-validation-v1.k8s.elastic.co
|
name: elastic-ent-validation-v1.k8s.elastic.co
|
||||||
matchPolicy: Exact
|
matchPolicy: Exact
|
||||||
admissionReviewVersions: [v1beta1]
|
admissionReviewVersions: [v1,v1beta1]
|
||||||
sideEffects: None
|
sideEffects: None
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
@ -157,7 +167,9 @@ webhooks:
|
|||||||
resources:
|
resources:
|
||||||
- enterprisesearches
|
- enterprisesearches
|
||||||
- clientConfig:
|
- clientConfig:
|
||||||
|
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
|
||||||
caBundle: {{ .Values.webhook.caBundle }}
|
caBundle: {{ .Values.webhook.caBundle }}
|
||||||
|
{{- end }}
|
||||||
service:
|
service:
|
||||||
name: {{ include "eck-operator.webhookServiceName" . }}
|
name: {{ include "eck-operator.webhookServiceName" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
@ -173,7 +185,7 @@ webhooks:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
name: elastic-ent-validation-v1beta1.k8s.elastic.co
|
name: elastic-ent-validation-v1beta1.k8s.elastic.co
|
||||||
matchPolicy: Exact
|
matchPolicy: Exact
|
||||||
admissionReviewVersions: [v1beta1]
|
admissionReviewVersions: [v1,v1beta1]
|
||||||
sideEffects: None
|
sideEffects: None
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
@ -186,7 +198,9 @@ webhooks:
|
|||||||
resources:
|
resources:
|
||||||
- enterprisesearches
|
- enterprisesearches
|
||||||
- clientConfig:
|
- clientConfig:
|
||||||
|
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
|
||||||
caBundle: {{ .Values.webhook.caBundle }}
|
caBundle: {{ .Values.webhook.caBundle }}
|
||||||
|
{{- end }}
|
||||||
service:
|
service:
|
||||||
name: {{ include "eck-operator.webhookServiceName" . }}
|
name: {{ include "eck-operator.webhookServiceName" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
@ -202,7 +216,7 @@ webhooks:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
name: elastic-es-validation-v1.k8s.elastic.co
|
name: elastic-es-validation-v1.k8s.elastic.co
|
||||||
matchPolicy: Exact
|
matchPolicy: Exact
|
||||||
admissionReviewVersions: [v1beta1]
|
admissionReviewVersions: [v1,v1beta1]
|
||||||
sideEffects: None
|
sideEffects: None
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
@ -215,7 +229,9 @@ webhooks:
|
|||||||
resources:
|
resources:
|
||||||
- elasticsearches
|
- elasticsearches
|
||||||
- clientConfig:
|
- clientConfig:
|
||||||
|
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
|
||||||
caBundle: {{ .Values.webhook.caBundle }}
|
caBundle: {{ .Values.webhook.caBundle }}
|
||||||
|
{{- end }}
|
||||||
service:
|
service:
|
||||||
name: {{ include "eck-operator.webhookServiceName" . }}
|
name: {{ include "eck-operator.webhookServiceName" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
@ -231,7 +247,7 @@ webhooks:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
name: elastic-es-validation-v1beta1.k8s.elastic.co
|
name: elastic-es-validation-v1beta1.k8s.elastic.co
|
||||||
matchPolicy: Exact
|
matchPolicy: Exact
|
||||||
admissionReviewVersions: [v1beta1]
|
admissionReviewVersions: [v1,v1beta1]
|
||||||
sideEffects: None
|
sideEffects: None
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
@ -244,7 +260,40 @@ webhooks:
|
|||||||
resources:
|
resources:
|
||||||
- elasticsearches
|
- elasticsearches
|
||||||
- clientConfig:
|
- clientConfig:
|
||||||
|
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
|
||||||
caBundle: {{ .Values.webhook.caBundle }}
|
caBundle: {{ .Values.webhook.caBundle }}
|
||||||
|
{{- end }}
|
||||||
|
service:
|
||||||
|
name: {{ include "eck-operator.webhookServiceName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
path: /validate-ems-k8s-elastic-co-v1alpha1-mapsservers
|
||||||
|
failurePolicy: {{ .Values.webhook.failurePolicy }}
|
||||||
|
{{- with .Values.webhook.namespaceSelector }}
|
||||||
|
namespaceSelector:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.webhook.objectSelector }}
|
||||||
|
objectSelector:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
name: elastic-ems-validation-v1alpha1.k8s.elastic.co
|
||||||
|
matchPolicy: Exact
|
||||||
|
admissionReviewVersions: [v1,v1beta1]
|
||||||
|
sideEffects: None
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- maps.k8s.elastic.co
|
||||||
|
apiVersions:
|
||||||
|
- v1alpha1
|
||||||
|
operations:
|
||||||
|
- CREATE
|
||||||
|
- UPDATE
|
||||||
|
resources:
|
||||||
|
- mapsservers
|
||||||
|
- clientConfig:
|
||||||
|
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
|
||||||
|
caBundle: {{ .Values.webhook.caBundle }}
|
||||||
|
{{- end }}
|
||||||
service:
|
service:
|
||||||
name: {{ include "eck-operator.webhookServiceName" . }}
|
name: {{ include "eck-operator.webhookServiceName" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
@ -260,7 +309,7 @@ webhooks:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
name: elastic-kb-validation-v1.k8s.elastic.co
|
name: elastic-kb-validation-v1.k8s.elastic.co
|
||||||
matchPolicy: Exact
|
matchPolicy: Exact
|
||||||
admissionReviewVersions: [v1beta1]
|
admissionReviewVersions: [v1,v1beta1]
|
||||||
sideEffects: None
|
sideEffects: None
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
@ -273,7 +322,9 @@ webhooks:
|
|||||||
resources:
|
resources:
|
||||||
- kibanas
|
- kibanas
|
||||||
- clientConfig:
|
- clientConfig:
|
||||||
|
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
|
||||||
caBundle: {{ .Values.webhook.caBundle }}
|
caBundle: {{ .Values.webhook.caBundle }}
|
||||||
|
{{- end }}
|
||||||
service:
|
service:
|
||||||
name: {{ include "eck-operator.webhookServiceName" . }}
|
name: {{ include "eck-operator.webhookServiceName" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
@ -289,7 +340,7 @@ webhooks:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
name: elastic-kb-validation-v1beta1.k8s.elastic.co
|
name: elastic-kb-validation-v1beta1.k8s.elastic.co
|
||||||
matchPolicy: Exact
|
matchPolicy: Exact
|
||||||
admissionReviewVersions: [v1beta1]
|
admissionReviewVersions: [v1,v1beta1]
|
||||||
sideEffects: None
|
sideEffects: None
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
@ -301,6 +352,99 @@ webhooks:
|
|||||||
- UPDATE
|
- UPDATE
|
||||||
resources:
|
resources:
|
||||||
- kibanas
|
- kibanas
|
||||||
|
- clientConfig:
|
||||||
|
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
|
||||||
|
caBundle: {{ .Values.webhook.caBundle }}
|
||||||
|
{{- end }}
|
||||||
|
service:
|
||||||
|
name: {{ include "eck-operator.webhookServiceName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
path: /validate-autoscaling-k8s-elastic-co-v1alpha1-elasticsearchautoscaler
|
||||||
|
failurePolicy: {{ .Values.webhook.failurePolicy }}
|
||||||
|
{{- with .Values.webhook.namespaceSelector }}
|
||||||
|
namespaceSelector:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.webhook.objectSelector }}
|
||||||
|
objectSelector:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
name: elastic-esa-validation-v1alpha1.k8s.elastic.co
|
||||||
|
matchPolicy: Exact
|
||||||
|
admissionReviewVersions: [v1,v1beta1]
|
||||||
|
sideEffects: None
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- autoscaling.k8s.elastic.co
|
||||||
|
apiVersions:
|
||||||
|
- v1alpha1
|
||||||
|
operations:
|
||||||
|
- CREATE
|
||||||
|
- UPDATE
|
||||||
|
resources:
|
||||||
|
- elasticsearchautoscalers
|
||||||
|
- clientConfig:
|
||||||
|
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
|
||||||
|
caBundle: {{ .Values.webhook.caBundle }}
|
||||||
|
{{- end }}
|
||||||
|
service:
|
||||||
|
name: {{ include "eck-operator.webhookServiceName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
path: /validate-scp-k8s-elastic-co-v1alpha1-stackconfigpolicies
|
||||||
|
failurePolicy: {{ .Values.webhook.failurePolicy }}
|
||||||
|
{{- with .Values.webhook.namespaceSelector }}
|
||||||
|
namespaceSelector:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.webhook.objectSelector }}
|
||||||
|
objectSelector:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
name: elastic-scp-validation-v1alpha1.k8s.elastic.co
|
||||||
|
matchPolicy: Exact
|
||||||
|
admissionReviewVersions: [v1,v1beta1]
|
||||||
|
sideEffects: None
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- stackconfigpolicy.k8s.elastic.co
|
||||||
|
apiVersions:
|
||||||
|
- v1alpha1
|
||||||
|
operations:
|
||||||
|
- CREATE
|
||||||
|
- UPDATE
|
||||||
|
resources:
|
||||||
|
- stackconfigpolicies
|
||||||
|
- clientConfig:
|
||||||
|
{{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
|
||||||
|
caBundle: {{ .Values.webhook.caBundle }}
|
||||||
|
{{- end }}
|
||||||
|
service:
|
||||||
|
name: {{ include "eck-operator.webhookServiceName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
path: /validate-logstash-k8s-elastic-co-v1alpha1-logstash
|
||||||
|
failurePolicy: {{ .Values.webhook.failurePolicy }}
|
||||||
|
{{- with .Values.webhook.namespaceSelector }}
|
||||||
|
namespaceSelector:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.webhook.objectSelector }}
|
||||||
|
objectSelector:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
name: elastic-logstash-validation-v1alpha1.k8s.elastic.co
|
||||||
|
matchPolicy: Exact
|
||||||
|
admissionReviewVersions: [v1,v1beta1]
|
||||||
|
sideEffects: None
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- logstash.k8s.elastic.co
|
||||||
|
apiVersions:
|
||||||
|
- v1alpha1
|
||||||
|
operations:
|
||||||
|
- CREATE
|
||||||
|
- UPDATE
|
||||||
|
resources:
|
||||||
|
- logstashes
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
@ -313,7 +457,7 @@ spec:
|
|||||||
ports:
|
ports:
|
||||||
- name: https
|
- name: https
|
||||||
port: 443
|
port: 443
|
||||||
targetPort: 9443
|
targetPort: {{ .Values.webhook.port }}
|
||||||
selector:
|
selector:
|
||||||
{{- include "eck-operator.selectorLabels" . | nindent 4 }}
|
{{- include "eck-operator.selectorLabels" . | nindent 4 }}
|
||||||
{{- if .Values.webhook.manageCerts }}
|
{{- if .Values.webhook.manageCerts }}
|
||||||
|
@ -51,7 +51,13 @@ podSecurityContext:
|
|||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
|
|
||||||
# securityContext defines the security context of the operator container.
|
# securityContext defines the security context of the operator container.
|
||||||
securityContext: {}
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsNonRoot: true
|
||||||
|
|
||||||
# nodeSelector defines the node selector for the operator pod.
|
# nodeSelector defines the node selector for the operator pod.
|
||||||
nodeSelector: {}
|
nodeSelector: {}
|
||||||
@ -62,6 +68,13 @@ tolerations: []
|
|||||||
# affinity defines the node affinity rules for the operator pod.
|
# affinity defines the node affinity rules for the operator pod.
|
||||||
affinity: {}
|
affinity: {}
|
||||||
|
|
||||||
|
# podDisruptionBudget configures the minimum or the maxium available pods for voluntary disruptions,
|
||||||
|
# set to either an integer (e.g. 1) or a percentage value (e.g. 25%).
|
||||||
|
podDisruptionBudget:
|
||||||
|
enabled: false
|
||||||
|
minAvailable: 1
|
||||||
|
# maxUnavailable: 3
|
||||||
|
|
||||||
# additional environment variables for the operator container.
|
# additional environment variables for the operator container.
|
||||||
env: []
|
env: []
|
||||||
|
|
||||||
@ -113,6 +126,13 @@ webhook:
|
|||||||
# objectSelector corresponds to the objectSelector property of the webhook.
|
# objectSelector corresponds to the objectSelector property of the webhook.
|
||||||
# Setting this restricts the webhook to act only on objects that match the selector.
|
# Setting this restricts the webhook to act only on objects that match the selector.
|
||||||
objectSelector: {}
|
objectSelector: {}
|
||||||
|
# port is the port that the validating webhook binds to.
|
||||||
|
port: 9443
|
||||||
|
|
||||||
|
# hostNetwork allows a Pod to use the Node network namespace.
|
||||||
|
# This is required to allow for communication with the kube API when using some alternate CNIs in conjunction with webhook enabled.
|
||||||
|
# CAUTION: Proceed at your own risk. This setting has security concerns such as allowing malicious users to access workloads running on the host.
|
||||||
|
hostNetwork: false
|
||||||
|
|
||||||
softMultiTenancy:
|
softMultiTenancy:
|
||||||
# enabled determines whether the operator is installed with soft multi-tenancy extensions.
|
# enabled determines whether the operator is installed with soft multi-tenancy extensions.
|
||||||
@ -143,6 +163,12 @@ config:
|
|||||||
# containerRegistry to use for pulling Elasticsearch and other application container images.
|
# containerRegistry to use for pulling Elasticsearch and other application container images.
|
||||||
containerRegistry: docker.elastic.co
|
containerRegistry: docker.elastic.co
|
||||||
|
|
||||||
|
# containerRepository to use for pulling Elasticsearch and other application container images.
|
||||||
|
# containerRepository: ""
|
||||||
|
|
||||||
|
# containerSuffix suffix to be appended to container images by default. Cannot be combined with -ubiOnly flag
|
||||||
|
# containerSuffix: ""
|
||||||
|
|
||||||
# maxConcurrentReconciles is the number of concurrent reconciliation operations to perform per controller.
|
# maxConcurrentReconciles is the number of concurrent reconciliation operations to perform per controller.
|
||||||
maxConcurrentReconciles: "3"
|
maxConcurrentReconciles: "3"
|
||||||
|
|
||||||
@ -182,6 +208,9 @@ config:
|
|||||||
# enableLeaderElection specifies whether leader election should be enabled
|
# enableLeaderElection specifies whether leader election should be enabled
|
||||||
enableLeaderElection: true
|
enableLeaderElection: true
|
||||||
|
|
||||||
|
# Interval between observations of Elasticsearch health, non-positive values disable asynchronous observation.
|
||||||
|
elasticsearchObservationInterval: 10s
|
||||||
|
|
||||||
# Prometheus PodMonitor configuration
|
# Prometheus PodMonitor configuration
|
||||||
# Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmonitor
|
# Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmonitor
|
||||||
podMonitor:
|
podMonitor:
|
||||||
@ -222,5 +251,4 @@ global:
|
|||||||
# Usually we do want that to happen (e.g. all-in-one.yaml) but, sometimes we don't (e.g. E2E tests).
|
# Usually we do want that to happen (e.g. all-in-one.yaml) but, sometimes we don't (e.g. E2E tests).
|
||||||
createOperatorNamespace: true
|
createOperatorNamespace: true
|
||||||
# kubeVersion is the effective Kubernetes version we target when generating the all-in-one.yaml.
|
# kubeVersion is the effective Kubernetes version we target when generating the all-in-one.yaml.
|
||||||
kubeVersion: 1.16.0
|
kubeVersion: 1.21.0
|
||||||
|
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
annotations:
|
annotations:
|
||||||
artifacthub.io/changes: |
|
artifacthub.io/changes: |
|
||||||
- kind: changed
|
- kind: added
|
||||||
description: "Updated Fluent Bit image to v2.0.9."
|
description: "Added events permission to ClusteRole"
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
appVersion: 2.0.9
|
appVersion: 2.1.8
|
||||||
description: Fast and lightweight log processor and forwarder or Linux, OSX and BSD
|
description: Fast and lightweight log processor and forwarder or Linux, OSX and BSD
|
||||||
family operating systems.
|
family operating systems.
|
||||||
home: https://fluentbit.io/
|
home: https://fluentbit.io/
|
||||||
@ -24,4 +24,4 @@ maintainers:
|
|||||||
name: fluent-bit
|
name: fluent-bit
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/fluent/fluent-bit/
|
- https://github.com/fluent/fluent-bit/
|
||||||
version: 0.24.0
|
version: 0.37.1
|
||||||
|
@ -1 +1,4 @@
|
|||||||
logLevel: debug
|
logLevel: debug
|
||||||
|
|
||||||
|
dashboards:
|
||||||
|
enabled: true
|
||||||
|
File diff suppressed because it is too large
Load Diff
@ -62,6 +62,15 @@ Create the name of the service account to use
|
|||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Fluent-bit image with tag/digest
|
||||||
|
*/}}
|
||||||
|
{{- define "fluent-bit.image" -}}
|
||||||
|
{{- $tag := ternary "" (printf ":%s" (toString .tag)) (or (empty .tag) (eq "-" (toString .tag))) -}}
|
||||||
|
{{- $digest := ternary "" (printf "@%s" .digest) (empty .digest) -}}
|
||||||
|
{{- printf "%s%s%s" .repository $tag $digest -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{/*
|
{{/*
|
||||||
Ingress ApiVersion according k8s version
|
Ingress ApiVersion according k8s version
|
||||||
*/}}
|
*/}}
|
||||||
@ -104,3 +113,26 @@ policy/v1
|
|||||||
policy/v1beta1
|
policy/v1beta1
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
HPA ApiVersion according k8s version
|
||||||
|
Check legacy first so helm template / kustomize will default to latest version
|
||||||
|
*/}}
|
||||||
|
{{- define "fluent-bit.hpa.apiVersion" -}}
|
||||||
|
{{- if and (.Capabilities.APIVersions.Has "autoscaling/v2beta2") (semverCompare "<1.23-0" .Capabilities.KubeVersion.GitVersion) -}}
|
||||||
|
autoscaling/v2beta2
|
||||||
|
{{- else -}}
|
||||||
|
autoscaling/v2
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create the name of OpenShift SecurityContextConstraints to use
|
||||||
|
*/}}
|
||||||
|
{{- define "fluent-bit.openShiftSccName" -}}
|
||||||
|
{{- if not .Values.openShift.securityContextConstraints.create -}}
|
||||||
|
{{- printf "%s" .Values.openShift.securityContextConstraints.existingName -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- printf "%s" (default (include "fluent-bit.fullname" .) .Values.openShift.securityContextConstraints.name) -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
@ -38,7 +38,7 @@ containers:
|
|||||||
securityContext:
|
securityContext:
|
||||||
{{- toYaml . | nindent 6 }}
|
{{- toYaml . | nindent 6 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
|
image: {{ include "fluent-bit.image" (merge .Values.image (dict "tag" (default .Chart.AppVersion .Values.image.tag))) | quote }}
|
||||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||||
{{- if or .Values.env .Values.envWithTpl }}
|
{{- if or .Values.env .Values.envWithTpl }}
|
||||||
env:
|
env:
|
||||||
@ -54,13 +54,16 @@ containers:
|
|||||||
envFrom:
|
envFrom:
|
||||||
{{- toYaml .Values.envFrom | nindent 6 }}
|
{{- toYaml .Values.envFrom | nindent 6 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.args }}
|
{{- with .Values.command }}
|
||||||
|
command:
|
||||||
|
{{- toYaml . | nindent 6 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if or .Values.args .Values.hotReload.enabled }}
|
||||||
args:
|
args:
|
||||||
{{- toYaml .Values.args | nindent 6 }}
|
{{- toYaml .Values.args | nindent 6 }}
|
||||||
|
{{- if .Values.hotReload.enabled }}
|
||||||
|
- --enable-hot-reload
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.command }}
|
|
||||||
command:
|
|
||||||
{{- toYaml .Values.command | nindent 6 }}
|
|
||||||
{{- end}}
|
{{- end}}
|
||||||
ports:
|
ports:
|
||||||
- name: http
|
- name: http
|
||||||
@ -86,16 +89,11 @@ containers:
|
|||||||
{{- toYaml . | nindent 6 }}
|
{{- toYaml . | nindent 6 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
{{- toYaml .Values.volumeMounts | nindent 6 }}
|
|
||||||
{{- range $key, $val := .Values.config.extraFiles }}
|
|
||||||
- name: config
|
- name: config
|
||||||
mountPath: /fluent-bit/etc/{{ $key }}
|
mountPath: /fluent-bit/etc/conf
|
||||||
subPath: {{ $key }}
|
{{- if or .Values.luaScripts .Values.hotReload.enabled }}
|
||||||
{{- end }}
|
|
||||||
{{- range $key, $value := .Values.luaScripts }}
|
|
||||||
- name: luascripts
|
- name: luascripts
|
||||||
mountPath: /fluent-bit/scripts/{{ $key }}
|
mountPath: /fluent-bit/scripts
|
||||||
subPath: {{ $key }}
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if eq .Values.kind "DaemonSet" }}
|
{{- if eq .Values.kind "DaemonSet" }}
|
||||||
{{- toYaml .Values.daemonSetVolumeMounts | nindent 6 }}
|
{{- toYaml .Values.daemonSetVolumeMounts | nindent 6 }}
|
||||||
@ -103,14 +101,31 @@ containers:
|
|||||||
{{- if .Values.extraVolumeMounts }}
|
{{- if .Values.extraVolumeMounts }}
|
||||||
{{- toYaml .Values.extraVolumeMounts | nindent 6 }}
|
{{- toYaml .Values.extraVolumeMounts | nindent 6 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.hotReload.enabled }}
|
||||||
|
- name: reloader
|
||||||
|
image: {{ include "fluent-bit.image" .Values.hotReload.image }}
|
||||||
|
args:
|
||||||
|
- {{ printf "-webhook-url=http://localhost:%s/api/v2/reload" (toString .Values.metricsPort) }}
|
||||||
|
- -volume-dir=/watch/config
|
||||||
|
- -volume-dir=/watch/scripts
|
||||||
|
volumeMounts:
|
||||||
|
- name: config
|
||||||
|
mountPath: /watch/config
|
||||||
|
- name: luascripts
|
||||||
|
mountPath: /watch/scripts
|
||||||
|
{{- with .Values.hotReload.resources }}
|
||||||
|
resources:
|
||||||
|
{{- toYaml . | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.extraContainers }}
|
{{- if .Values.extraContainers }}
|
||||||
{{- toYaml .Values.extraContainers | nindent 2 }}
|
{{- toYaml .Values.extraContainers | nindent 2 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: config
|
- name: config
|
||||||
configMap:
|
configMap:
|
||||||
name: {{ if .Values.existingConfigMap }}{{ .Values.existingConfigMap }}{{- else }}{{ include "fluent-bit.fullname" . }}{{- end }}
|
name: {{ default (include "fluent-bit.fullname" .) .Values.existingConfigMap }}
|
||||||
{{- if gt (len .Values.luaScripts) 0 }}
|
{{- if or .Values.luaScripts .Values.hotReload.enabled }}
|
||||||
- name: luascripts
|
- name: luascripts
|
||||||
configMap:
|
configMap:
|
||||||
name: {{ include "fluent-bit.fullname" . }}-luascripts
|
name: {{ include "fluent-bit.fullname" . }}-luascripts
|
||||||
|
@ -15,6 +15,9 @@ rules:
|
|||||||
- nodes
|
- nodes
|
||||||
- nodes/proxy
|
- nodes/proxy
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.rbac.eventsAccess }}
|
||||||
|
- events
|
||||||
|
{{- end }}
|
||||||
verbs:
|
verbs:
|
||||||
- get
|
- get
|
||||||
- list
|
- list
|
||||||
@ -29,13 +32,13 @@ rules:
|
|||||||
verbs:
|
verbs:
|
||||||
- use
|
- use
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if and .Values.openShift.enabled .Values.openShift.securityContextConstraints.create }}
|
{{- if .Values.openShift.enabled }}
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- security.openshift.io
|
- security.openshift.io
|
||||||
resources:
|
resources:
|
||||||
- securitycontextconstraints
|
- securitycontextconstraints
|
||||||
resourceNames:
|
resourceNames:
|
||||||
- {{ include "fluent-bit.fullname" . }}
|
- {{ include "fluent-bit.openShiftSccName" . }}
|
||||||
verbs:
|
verbs:
|
||||||
- use
|
- use
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -5,18 +5,16 @@ apiVersion: v1
|
|||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "fluent-bit.fullname" $ }}-dashboard-{{ trimSuffix ".json" (base $path) }}
|
name: {{ include "fluent-bit.fullname" $ }}-dashboard-{{ trimSuffix ".json" (base $path) }}
|
||||||
{{- with $.Values.dashboards.namespace }}
|
namespace: {{ default $.Release.Namespace $.Values.dashboards.namespace }}
|
||||||
namespace: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with $.Values.dashboards.annotations }}
|
{{- with $.Values.dashboards.annotations }}
|
||||||
annotations:
|
annotations:
|
||||||
{{- toYaml . | nindent 4 -}}
|
{{- toYaml . | nindent 4 -}}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluent-bit.labels" $ | nindent 4 }}
|
{{- include "fluent-bit.labels" $ | nindent 4 }}
|
||||||
{{ $.Values.dashboards.labelKey }}: "1"
|
{{ $.Values.dashboards.labelKey }}: {{ $.Values.dashboards.labelValue | quote }}
|
||||||
data:
|
data:
|
||||||
{{ base $path }}: |
|
{{ include "fluent-bit.fullname" $ }}-{{ base $path }}: |
|
||||||
{{- tpl ($.Files.Get $path) $ | nindent 4 }}
|
{{- tpl ($.Files.Get $path) $ | nindent 4 }}
|
||||||
---
|
---
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -1,8 +1,9 @@
|
|||||||
{{- if gt (len .Values.luaScripts) 0 -}}
|
{{- if or .Values.luaScripts .Values.hotReload.enabled -}}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "fluent-bit.fullname" . }}-luascripts
|
name: {{ include "fluent-bit.fullname" . }}-luascripts
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluent-bit.labels" . | nindent 4 }}
|
{{- include "fluent-bit.labels" . | nindent 4 }}
|
||||||
data:
|
data:
|
||||||
|
@ -1,8 +1,9 @@
|
|||||||
{{- if (empty .Values.existingConfigMap) -}}
|
{{- if not .Values.existingConfigMap -}}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "fluent-bit.fullname" . }}
|
name: {{ include "fluent-bit.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluent-bit.labels" . | nindent 4 }}
|
{{- include "fluent-bit.labels" . | nindent 4 }}
|
||||||
data:
|
data:
|
||||||
|
@ -3,6 +3,7 @@ apiVersion: apps/v1
|
|||||||
kind: DaemonSet
|
kind: DaemonSet
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "fluent-bit.fullname" . }}
|
name: {{ include "fluent-bit.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluent-bit.labels" . | nindent 4 }}
|
{{- include "fluent-bit.labels" . | nindent 4 }}
|
||||||
{{- with .Values.labels }}
|
{{- with .Values.labels }}
|
||||||
@ -25,17 +26,23 @@ spec:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
|
||||||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
|
||||||
checksum/luascripts: {{ include (print $.Template.BasePath "/configmap-luascripts.yaml") . | sha256sum }}
|
|
||||||
{{- with .Values.podAnnotations }}
|
|
||||||
{{- toYaml . | nindent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluent-bit.selectorLabels" . | nindent 8 }}
|
{{- include "fluent-bit.selectorLabels" . | nindent 8 }}
|
||||||
{{- with .Values.podLabels }}
|
{{- with .Values.podLabels }}
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if or (not .Values.hotReload.enabled) .Values.podAnnotations }}
|
||||||
|
annotations:
|
||||||
|
{{- if not .Values.hotReload.enabled }}
|
||||||
|
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
||||||
|
{{- if .Values.luaScripts }}
|
||||||
|
checksum/luascripts: {{ include (print $.Template.BasePath "/configmap-luascripts.yaml") . | sha256sum }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.podAnnotations }}
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
spec:
|
spec:
|
||||||
{{- include "fluent-bit.pod" . | nindent 6 }}
|
{{- include "fluent-bit.pod" . | nindent 6 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -3,6 +3,7 @@ apiVersion: apps/v1
|
|||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "fluent-bit.fullname" . }}
|
name: {{ include "fluent-bit.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluent-bit.labels" . | nindent 4 }}
|
{{- include "fluent-bit.labels" . | nindent 4 }}
|
||||||
{{- with .Values.labels }}
|
{{- with .Values.labels }}
|
||||||
@ -28,17 +29,23 @@ spec:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
|
||||||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
|
||||||
checksum/luascripts: {{ include (print $.Template.BasePath "/configmap-luascripts.yaml") . | sha256sum }}
|
|
||||||
{{- with .Values.podAnnotations }}
|
|
||||||
{{- toYaml . | nindent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluent-bit.selectorLabels" . | nindent 8 }}
|
{{- include "fluent-bit.selectorLabels" . | nindent 8 }}
|
||||||
{{- with .Values.podLabels }}
|
{{- with .Values.podLabels }}
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if or (not .Values.hotReload.enabled) .Values.podAnnotations }}
|
||||||
|
annotations:
|
||||||
|
{{- if not .Values.hotReload.enabled }}
|
||||||
|
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
||||||
|
{{- if .Values.luaScripts }}
|
||||||
|
checksum/luascripts: {{ include (print $.Template.BasePath "/configmap-luascripts.yaml") . | sha256sum }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.podAnnotations }}
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
spec:
|
spec:
|
||||||
{{- include "fluent-bit.pod" . | nindent 6 }}
|
{{- include "fluent-bit.pod" . | nindent 6 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -1,8 +1,9 @@
|
|||||||
{{- if and ( eq .Values.kind "Deployment" ) .Values.autoscaling.enabled }}
|
{{- if and ( eq .Values.kind "Deployment" ) .Values.autoscaling.enabled }}
|
||||||
apiVersion: autoscaling/v2beta2
|
apiVersion: {{ include "fluent-bit.hpa.apiVersion" . }}
|
||||||
kind: HorizontalPodAutoscaler
|
kind: HorizontalPodAutoscaler
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "fluent-bit.fullname" . }}
|
name: {{ include "fluent-bit.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluent-bit.labels" . | nindent 4 }}
|
{{- include "fluent-bit.labels" . | nindent 4 }}
|
||||||
spec:
|
spec:
|
||||||
|
@ -9,6 +9,7 @@ apiVersion: {{ include "fluent-bit.ingress.apiVersion" . }}
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ $fullName }}
|
name: {{ $fullName }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluent-bit.labels" . | nindent 4 }}
|
{{- include "fluent-bit.labels" . | nindent 4 }}
|
||||||
{{- with .Values.ingress.annotations }}
|
{{- with .Values.ingress.annotations }}
|
||||||
|
@ -3,6 +3,7 @@ apiVersion: "networking.k8s.io/v1"
|
|||||||
kind: "NetworkPolicy"
|
kind: "NetworkPolicy"
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "fluent-bit.fullname" . | quote }}
|
name: {{ include "fluent-bit.fullname" . | quote }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluent-bit.labels" . | nindent 4 }}
|
{{- include "fluent-bit.labels" . | nindent 4 }}
|
||||||
spec:
|
spec:
|
||||||
|
@ -3,6 +3,7 @@ apiVersion: {{ include "fluent-bit.pdb.apiVersion" . }}
|
|||||||
kind: PodDisruptionBudget
|
kind: PodDisruptionBudget
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "fluent-bit.fullname" . }}
|
name: {{ include "fluent-bit.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluent-bit.labels" . | nindent 4 }}
|
{{- include "fluent-bit.labels" . | nindent 4 }}
|
||||||
{{- with .Values.podDisruptionBudget.annotations }}
|
{{- with .Values.podDisruptionBudget.annotations }}
|
||||||
|
@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1
|
|||||||
kind: PrometheusRule
|
kind: PrometheusRule
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "fluent-bit.fullname" . }}
|
name: {{ include "fluent-bit.fullname" . }}
|
||||||
{{- with .Values.prometheusRule.namespace }}
|
namespace: {{ default $.Release.Namespace .Values.prometheusRule.namespace }}
|
||||||
namespace: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluent-bit.labels" . | nindent 4 }}
|
{{- include "fluent-bit.labels" . | nindent 4 }}
|
||||||
{{- if .Values.prometheusRule.additionalLabels }}
|
{{- if .Values.prometheusRule.additionalLabels }}
|
||||||
|
@ -2,10 +2,12 @@
|
|||||||
apiVersion: security.openshift.io/v1
|
apiVersion: security.openshift.io/v1
|
||||||
kind: SecurityContextConstraints
|
kind: SecurityContextConstraints
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "fluent-bit.fullname" . }}
|
name: {{ include "fluent-bit.openShiftSccName" . }}
|
||||||
{{- if .Values.openShift.securityContextConstraints.annotations }}
|
labels:
|
||||||
|
{{- include "fluent-bit.labels" . | nindent 4 }}
|
||||||
|
{{- with .Values.openShift.securityContextConstraints.annotations }}
|
||||||
annotations:
|
annotations:
|
||||||
{{- toYaml .Values.openShift.securityContextConstraints.annotations | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
allowPrivilegedContainer: true
|
allowPrivilegedContainer: true
|
||||||
allowPrivilegeEscalation: true
|
allowPrivilegeEscalation: true
|
||||||
@ -30,8 +32,10 @@ supplementalGroups:
|
|||||||
type: RunAsAny
|
type: RunAsAny
|
||||||
volumes:
|
volumes:
|
||||||
- configMap
|
- configMap
|
||||||
|
- downwardAPI
|
||||||
- emptyDir
|
- emptyDir
|
||||||
- hostPath
|
- hostPath
|
||||||
- persistentVolumeClaim
|
- persistentVolumeClaim
|
||||||
|
- projected
|
||||||
- secret
|
- secret
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -2,6 +2,7 @@ apiVersion: v1
|
|||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "fluent-bit.fullname" . }}
|
name: {{ include "fluent-bit.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluent-bit.labels" . | nindent 4 }}
|
{{- include "fluent-bit.labels" . | nindent 4 }}
|
||||||
{{- with .Values.service.labels }}
|
{{- with .Values.service.labels }}
|
||||||
|
@ -3,6 +3,7 @@ apiVersion: v1
|
|||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "fluent-bit.serviceAccountName" . }}
|
name: {{ include "fluent-bit.serviceAccountName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluent-bit.labels" . | nindent 4 }}
|
{{- include "fluent-bit.labels" . | nindent 4 }}
|
||||||
{{- with .Values.serviceAccount.annotations }}
|
{{- with .Values.serviceAccount.annotations }}
|
||||||
|
@ -3,18 +3,14 @@ apiVersion: monitoring.coreos.com/v1
|
|||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "fluent-bit.fullname" . }}
|
name: {{ template "fluent-bit.fullname" . }}
|
||||||
{{- with .Values.serviceMonitor.namespace }}
|
namespace: {{ default .Release.Namespace .Values.serviceMonitor.namespace }}
|
||||||
namespace: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluent-bit.labels" . | nindent 4 }}
|
{{- include "fluent-bit.labels" . | nindent 4 }}
|
||||||
{{- with .Values.serviceMonitor.selector }}
|
{{- with .Values.serviceMonitor.selector }}
|
||||||
{{- toYaml . | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
spec:
|
spec:
|
||||||
{{- if .Values.serviceMonitor.jobLabel }}
|
jobLabel: app.kubernetes.io/instance
|
||||||
jobLabel: {{ .Values.serviceMonitor.jobLabel }}
|
|
||||||
{{- end }}
|
|
||||||
endpoints:
|
endpoints:
|
||||||
- port: http
|
- port: http
|
||||||
path: /api/v1/metrics/prometheus
|
path: /api/v1/metrics/prometheus
|
||||||
|
@ -3,6 +3,7 @@ apiVersion: v1
|
|||||||
kind: Pod
|
kind: Pod
|
||||||
metadata:
|
metadata:
|
||||||
name: "{{ include "fluent-bit.fullname" . }}-test-connection"
|
name: "{{ include "fluent-bit.fullname" . }}-test-connection"
|
||||||
|
namespace: {{ default .Release.Namespace .Values.testFramework.namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluent-bit.labels" . | nindent 4 }}
|
{{- include "fluent-bit.labels" . | nindent 4 }}
|
||||||
annotations:
|
annotations:
|
||||||
@ -10,7 +11,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: wget
|
- name: wget
|
||||||
image: "{{ .Values.testFramework.image.repository }}:{{ .Values.testFramework.image.tag }}"
|
image: {{ include "fluent-bit.image" .Values.testFramework.image | quote }}
|
||||||
imagePullPolicy: {{ .Values.testFramework.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.testFramework.image.pullPolicy }}
|
||||||
command: ['wget']
|
command: ['wget']
|
||||||
args: ['{{ include "fluent-bit.fullname" . }}:{{ .Values.service.port }}']
|
args: ['{{ include "fluent-bit.fullname" . }}:{{ .Values.service.port }}']
|
||||||
|
@ -3,6 +3,7 @@ apiVersion: autoscaling.k8s.io/v1
|
|||||||
kind: VerticalPodAutoscaler
|
kind: VerticalPodAutoscaler
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "fluent-bit.fullname" . }}
|
name: {{ include "fluent-bit.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluent-bit.labels" . | nindent 4 }}
|
{{- include "fluent-bit.labels" . | nindent 4 }}
|
||||||
{{- with .Values.autoscaling.vpa.annotations }}
|
{{- with .Values.autoscaling.vpa.annotations }}
|
||||||
|
@ -9,15 +9,19 @@ replicaCount: 1
|
|||||||
image:
|
image:
|
||||||
repository: cr.fluentbit.io/fluent/fluent-bit
|
repository: cr.fluentbit.io/fluent/fluent-bit
|
||||||
# Overrides the image tag whose default is {{ .Chart.AppVersion }}
|
# Overrides the image tag whose default is {{ .Chart.AppVersion }}
|
||||||
tag: ""
|
# Set to "-" to not use the default value
|
||||||
|
tag:
|
||||||
|
digest:
|
||||||
pullPolicy: Always
|
pullPolicy: Always
|
||||||
|
|
||||||
testFramework:
|
testFramework:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
namespace:
|
||||||
image:
|
image:
|
||||||
repository: busybox
|
repository: busybox
|
||||||
pullPolicy: Always
|
pullPolicy: Always
|
||||||
tag: latest
|
tag: latest
|
||||||
|
digest:
|
||||||
|
|
||||||
imagePullSecrets: []
|
imagePullSecrets: []
|
||||||
nameOverride: ""
|
nameOverride: ""
|
||||||
@ -31,6 +35,7 @@ serviceAccount:
|
|||||||
rbac:
|
rbac:
|
||||||
create: true
|
create: true
|
||||||
nodeAccess: false
|
nodeAccess: false
|
||||||
|
eventsAccess: false
|
||||||
|
|
||||||
# Configure podsecuritypolicy
|
# Configure podsecuritypolicy
|
||||||
# Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
|
# Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
|
||||||
@ -41,13 +46,16 @@ podSecurityPolicy:
|
|||||||
create: false
|
create: false
|
||||||
annotations: {}
|
annotations: {}
|
||||||
|
|
||||||
|
# OpenShift-specific configuration
|
||||||
openShift:
|
openShift:
|
||||||
# Sets Openshift support
|
|
||||||
enabled: false
|
enabled: false
|
||||||
# Creates SCC for Fluent-bit when Openshift support is enabled
|
|
||||||
securityContextConstraints:
|
securityContextConstraints:
|
||||||
|
# Create SCC for Fluent-bit and allow use it
|
||||||
create: true
|
create: true
|
||||||
|
name: ""
|
||||||
annotations: {}
|
annotations: {}
|
||||||
|
# Use existing SCC in cluster, rather then create new one
|
||||||
|
existingName: ""
|
||||||
|
|
||||||
podSecurityContext: {}
|
podSecurityContext: {}
|
||||||
# fsGroup: 2000
|
# fsGroup: 2000
|
||||||
@ -98,7 +106,6 @@ serviceMonitor:
|
|||||||
# namespace: monitoring
|
# namespace: monitoring
|
||||||
# interval: 10s
|
# interval: 10s
|
||||||
# scrapeTimeout: 10s
|
# scrapeTimeout: 10s
|
||||||
# jobLabel: fluentbit
|
|
||||||
# selector:
|
# selector:
|
||||||
# prometheus: my-prometheus
|
# prometheus: my-prometheus
|
||||||
# ## metric relabel configs to apply to samples before ingestion.
|
# ## metric relabel configs to apply to samples before ingestion.
|
||||||
@ -167,6 +174,7 @@ prometheusRule:
|
|||||||
dashboards:
|
dashboards:
|
||||||
enabled: false
|
enabled: false
|
||||||
labelKey: grafana_dashboard
|
labelKey: grafana_dashboard
|
||||||
|
labelValue: 1
|
||||||
annotations: {}
|
annotations: {}
|
||||||
namespace: ""
|
namespace: ""
|
||||||
|
|
||||||
@ -196,7 +204,7 @@ resources: {}
|
|||||||
## only available if kind is Deployment
|
## only available if kind is Deployment
|
||||||
ingress:
|
ingress:
|
||||||
enabled: false
|
enabled: false
|
||||||
className: ""
|
ingressClassName: ""
|
||||||
annotations: {}
|
annotations: {}
|
||||||
# kubernetes.io/ingress.class: nginx
|
# kubernetes.io/ingress.class: nginx
|
||||||
# kubernetes.io/tls-acme: "true"
|
# kubernetes.io/tls-acme: "true"
|
||||||
@ -347,8 +355,8 @@ config:
|
|||||||
Daemon Off
|
Daemon Off
|
||||||
Flush {{ .Values.flush }}
|
Flush {{ .Values.flush }}
|
||||||
Log_Level {{ .Values.logLevel }}
|
Log_Level {{ .Values.logLevel }}
|
||||||
Parsers_File parsers.conf
|
Parsers_File /fluent-bit/etc/parsers.conf
|
||||||
Parsers_File custom_parsers.conf
|
Parsers_File /fluent-bit/etc/conf/custom_parsers.conf
|
||||||
HTTP_Server On
|
HTTP_Server On
|
||||||
HTTP_Listen 0.0.0.0
|
HTTP_Listen 0.0.0.0
|
||||||
HTTP_Port {{ .Values.metricsPort }}
|
HTTP_Port {{ .Values.metricsPort }}
|
||||||
@ -410,7 +418,7 @@ config:
|
|||||||
Time_Key time
|
Time_Key time
|
||||||
Time_Format %Y-%m-%dT%H:%M:%S.%L
|
Time_Format %Y-%m-%dT%H:%M:%S.%L
|
||||||
|
|
||||||
# This allows adding more files with arbitary filenames to /fluent-bit/etc by providing key/value pairs.
|
# This allows adding more files with arbitary filenames to /fluent-bit/etc/conf by providing key/value pairs.
|
||||||
# The key becomes the filename, the value becomes the file content.
|
# The key becomes the filename, the value becomes the file content.
|
||||||
extraFiles: {}
|
extraFiles: {}
|
||||||
# upstream.conf: |
|
# upstream.conf: |
|
||||||
@ -430,11 +438,7 @@ config:
|
|||||||
# The config volume is mounted by default, either to the existingConfigMap value, or the default of "fluent-bit.fullname"
|
# The config volume is mounted by default, either to the existingConfigMap value, or the default of "fluent-bit.fullname"
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: config
|
- name: config
|
||||||
mountPath: /fluent-bit/etc/fluent-bit.conf
|
mountPath: /fluent-bit/etc/conf
|
||||||
subPath: fluent-bit.conf
|
|
||||||
- name: config
|
|
||||||
mountPath: /fluent-bit/etc/custom_parsers.conf
|
|
||||||
subPath: custom_parsers.conf
|
|
||||||
|
|
||||||
daemonSetVolumes:
|
daemonSetVolumes:
|
||||||
- name: varlog
|
- name: varlog
|
||||||
@ -458,9 +462,12 @@ daemonSetVolumeMounts:
|
|||||||
mountPath: /etc/machine-id
|
mountPath: /etc/machine-id
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
|
||||||
args: []
|
command:
|
||||||
|
- /fluent-bit/bin/fluent-bit
|
||||||
|
|
||||||
command: []
|
args:
|
||||||
|
- --workdir=/fluent-bit/etc
|
||||||
|
- --config=/fluent-bit/etc/conf/fluent-bit.conf
|
||||||
|
|
||||||
# This supports either a structured array or a templatable string
|
# This supports either a structured array or a templatable string
|
||||||
initContainers: []
|
initContainers: []
|
||||||
@ -478,3 +485,12 @@ initContainers: []
|
|||||||
# command: ['kubectl', 'version']
|
# command: ['kubectl', 'version']
|
||||||
|
|
||||||
logLevel: info
|
logLevel: info
|
||||||
|
|
||||||
|
hotReload:
|
||||||
|
enabled: false
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/jimmidyson/configmap-reload
|
||||||
|
tag: v0.11.1
|
||||||
|
digest:
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
resources: {}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: v1.14.6
|
appVersion: v1.15.2
|
||||||
description: A Helm chart for Kubernetes
|
description: A Helm chart for Kubernetes
|
||||||
home: https://www.fluentd.org/
|
home: https://www.fluentd.org/
|
||||||
icon: https://www.fluentd.org/images/miscellany/fluentd-logo_2x.png
|
icon: https://www.fluentd.org/images/miscellany/fluentd-logo_2x.png
|
||||||
@ -12,4 +12,4 @@ name: fluentd
|
|||||||
sources:
|
sources:
|
||||||
- https://github.com/fluent/fluentd/
|
- https://github.com/fluent/fluentd/
|
||||||
- https://github.com/fluent/fluentd-kubernetes-daemonset
|
- https://github.com/fluent/fluentd-kubernetes-daemonset
|
||||||
version: 0.3.9
|
version: 0.4.3
|
||||||
|
@ -16,6 +16,17 @@ To install a release named `fluentd`, run:
|
|||||||
```sh
|
```sh
|
||||||
helm install fluentd fluent/fluentd
|
helm install fluentd fluent/fluentd
|
||||||
```
|
```
|
||||||
|
## Upgrading
|
||||||
|
|
||||||
|
### To 0.4.0
|
||||||
|
|
||||||
|
Although the services will deploy and generally work, version 0.4.0 introduces some changes that are considered _breaking changes_. To upgrade, you should do the following to avoid any potential conflicts or problems:
|
||||||
|
|
||||||
|
- Add the `mountVarLogDirectory` and `mountDockerContainersDirectory` values and set them to the values you need; to follow the previous setup where these were mounted by default, set the values to `true`, e.g. `mountVarLogDirectory: true`
|
||||||
|
- If you have the `varlog` mount point defined and enabled under both `volumes` and `volumeMounts`, set `mountVarLogDirectory` to true
|
||||||
|
- If you have the `varlibdockercontainers` mount point defined and enabled under both `volumes` and `volumeMounts`, set `mountDockerContainersDirectory` to true
|
||||||
|
- Remove the previous default volume and volume mount definitions - `etcfluentd-main`, `etcfluentd-config`, `varlog`, and `varlibdockercontainers`
|
||||||
|
- Remove the `FLUENTD_CONF` entry from the `env:` list
|
||||||
|
|
||||||
## Chart Values
|
## Chart Values
|
||||||
|
|
||||||
|
@ -61,3 +61,32 @@ Create the name of the service account to use
|
|||||||
{{ default "default" .Values.serviceAccount.name }}
|
{{ default "default" .Values.serviceAccount.name }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Shortened version of the releaseName, applied as a suffix to numerous resources.
|
||||||
|
*/}}
|
||||||
|
{{- define "fluentd.shortReleaseName" -}}
|
||||||
|
{{- .Release.Name | trunc 35 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Name of the configMap used for the fluentd.conf configuration file; allows users to override the default.
|
||||||
|
*/}}
|
||||||
|
{{- define "fluentd.mainConfigMapName" -}}
|
||||||
|
{{- if .Values.mainConfigMapNameOverride -}}
|
||||||
|
{{ .Values.mainConfigMapNameOverride }}
|
||||||
|
{{- else -}}
|
||||||
|
{{ printf "%s-%s" "fluentd-main" ( include "fluentd.shortReleaseName" . ) }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Name of the configMap used for additional configuration files; allows users to override the default.
|
||||||
|
*/}}
|
||||||
|
{{- define "fluentd.extraFilesConfigMapName" -}}
|
||||||
|
{{- if .Values.extraFilesConfigMapNameOverride -}}
|
||||||
|
{{ printf "%s" .Values.extraFilesConfigMapNameOverride }}
|
||||||
|
{{- else -}}
|
||||||
|
{{ printf "%s-%s" "fluentd-config" ( include "fluentd.shortReleaseName" . ) }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
@ -33,13 +33,15 @@ containers:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
exec /fluentd/entrypoint.sh
|
exec /fluentd/entrypoint.sh
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.env }}
|
|
||||||
env:
|
env:
|
||||||
{{- toYaml .Values.env | nindent 6 }}
|
- name: FLUENTD_CONF
|
||||||
|
value: "../../../etc/fluent/fluent.conf"
|
||||||
|
{{- if .Values.env }}
|
||||||
|
{{- toYaml .Values.env | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.envFrom }}
|
{{- if .Values.envFrom }}
|
||||||
envFrom:
|
envFrom:
|
||||||
{{- toYaml .Values.envFrom | nindent 6 }}
|
{{- toYaml .Values.envFrom | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
ports:
|
ports:
|
||||||
- name: metrics
|
- name: metrics
|
||||||
@ -61,21 +63,56 @@ containers:
|
|||||||
resources:
|
resources:
|
||||||
{{- toYaml .Values.resources | nindent 8 }}
|
{{- toYaml .Values.resources | nindent 8 }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
{{- toYaml .Values.volumeMounts | nindent 6 }}
|
- name: etcfluentd-main
|
||||||
|
mountPath: /etc/fluent
|
||||||
|
- name: etcfluentd-config
|
||||||
|
mountPath: /etc/fluent/config.d/
|
||||||
|
{{- if .Values.mountVarLogDirectory }}
|
||||||
|
- name: varlog
|
||||||
|
mountPath: /var/log
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.mountDockerContainersDirectory }}
|
||||||
|
- name: varlibdockercontainers
|
||||||
|
mountPath: /var/lib/docker/containers
|
||||||
|
readOnly: true
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.volumeMounts -}}
|
||||||
|
{{- toYaml .Values.volumeMounts | nindent 4 }}
|
||||||
|
{{- end -}}
|
||||||
{{- range $key := .Values.configMapConfigs }}
|
{{- range $key := .Values.configMapConfigs }}
|
||||||
{{- print "- name: fluentd-custom-cm-" $key | nindent 6 }}
|
{{- print "- name: " $key | nindent 4 }}
|
||||||
{{- print "mountPath: /etc/fluent/" $key ".d" | nindent 8 }}
|
{{- print "mountPath: /etc/fluent/" $key ".d" | nindent 6 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.persistence.enabled }}
|
{{- if .Values.persistence.enabled }}
|
||||||
- mountPath: /var/log/fluent
|
- mountPath: /var/log/fluent
|
||||||
name: {{ include "fluentd.fullname" . }}-buffer
|
name: {{ include "fluentd.fullname" . }}-buffer
|
||||||
{{- end }}
|
{{- end }}
|
||||||
volumes:
|
volumes:
|
||||||
{{- toYaml .Values.volumes | nindent 2 }}
|
- name: etcfluentd-main
|
||||||
{{- range $key := .Values.configMapConfigs }}
|
|
||||||
{{- print "- name: fluentd-custom-cm-" $key | nindent 2 }}
|
|
||||||
configMap:
|
configMap:
|
||||||
{{- print "name: " . | nindent 6 }}
|
name: {{ include "fluentd.mainConfigMapName" . }}
|
||||||
|
defaultMode: 0777
|
||||||
|
- name: etcfluentd-config
|
||||||
|
configMap:
|
||||||
|
name: {{ include "fluentd.extraFilesConfigMapName" . }}
|
||||||
|
defaultMode: 0777
|
||||||
|
{{- if .Values.mountVarLogDirectory }}
|
||||||
|
- name: varlog
|
||||||
|
hostPath:
|
||||||
|
path: /var/log
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.mountDockerContainersDirectory }}
|
||||||
|
- name: varlibdockercontainers
|
||||||
|
hostPath:
|
||||||
|
path: /var/lib/docker/containers
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.volumes -}}
|
||||||
|
{{- toYaml .Values.volumes | nindent 0 }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- range $key := .Values.configMapConfigs }}
|
||||||
|
{{- print "- name: " $key | nindent 0 }}
|
||||||
|
configMap:
|
||||||
|
{{- print "name: " $key "-" ( include "fluentd.shortReleaseName" $ ) | nindent 4 }}
|
||||||
defaultMode: 0777
|
defaultMode: 0777
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.nodeSelector }}
|
{{- with .Values.nodeSelector }}
|
||||||
|
@ -15,6 +15,7 @@ rules:
|
|||||||
- get
|
- get
|
||||||
- list
|
- list
|
||||||
- watch
|
- watch
|
||||||
|
{{- if and .Values.podSecurityPolicy.enabled (semverCompare "<1.25-0" .Capabilities.KubeVersion.GitVersion) }}
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- policy
|
- policy
|
||||||
resourceNames:
|
resourceNames:
|
||||||
@ -23,4 +24,5 @@ rules:
|
|||||||
- podsecuritypolicies
|
- podsecuritypolicies
|
||||||
verbs:
|
verbs:
|
||||||
- use
|
- use
|
||||||
|
{{- end }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
name: dashboard-{{ trimSuffix ".json" (base $path) }}
|
name: dashboard-{{ trimSuffix ".json" (base $path) }}-{{ include "fluentd.shortReleaseName" $ }}
|
||||||
namespace: {{ $.Values.dashboards.namespace | default $.Release.Namespace }}
|
namespace: {{ $.Values.dashboards.namespace | default $.Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluentd.labels" $ | nindent 4 }}
|
{{- include "fluentd.labels" $ | nindent 4 }}
|
||||||
|
@ -3,7 +3,7 @@ kind: ConfigMap
|
|||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluentd.labels" . | nindent 4 }}
|
{{- include "fluentd.labels" . | nindent 4 }}
|
||||||
name: fluentd-prometheus-conf
|
name: fluentd-prometheus-conf-{{ include "fluentd.shortReleaseName" . }}
|
||||||
data:
|
data:
|
||||||
prometheus.conf: |-
|
prometheus.conf: |-
|
||||||
<source>
|
<source>
|
||||||
|
@ -1,7 +1,9 @@
|
|||||||
|
{{- if not .Values.extraFilesConfigMapNameOverride }}
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
name: fluentd-config
|
name: fluentd-config-{{ include "fluentd.shortReleaseName" . }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluentd.labels" . | nindent 4 }}
|
{{- include "fluentd.labels" . | nindent 4 }}
|
||||||
data:
|
data:
|
||||||
@ -9,13 +11,14 @@ data:
|
|||||||
{{$key }}: |-
|
{{$key }}: |-
|
||||||
{{- (tpl $value $) | nindent 4 }}
|
{{- (tpl $value $) | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if not .Values.mainConfigMapNameOverride }}
|
||||||
---
|
---
|
||||||
|
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
name: fluentd-main
|
name: fluentd-main-{{ include "fluentd.shortReleaseName" . }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "fluentd.labels" . | nindent 4 }}
|
{{- include "fluentd.labels" . | nindent 4 }}
|
||||||
data:
|
data:
|
||||||
@ -32,3 +35,4 @@ data:
|
|||||||
{{- range $key := .Values.configMapConfigs }}
|
{{- range $key := .Values.configMapConfigs }}
|
||||||
{{- print "@include " $key ".d/*" | nindent 4 }}
|
{{- print "@include " $key ".d/*" | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
@ -1,4 +1,4 @@
|
|||||||
{{- if .Values.podSecurityPolicy.enabled }}
|
{{- if and .Values.podSecurityPolicy.enabled (semverCompare "<1.25-0" .Capabilities.KubeVersion.GitVersion) -}}
|
||||||
apiVersion: policy/v1beta1
|
apiVersion: policy/v1beta1
|
||||||
kind: PodSecurityPolicy
|
kind: PodSecurityPolicy
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -27,8 +27,9 @@ serviceAccount:
|
|||||||
rbac:
|
rbac:
|
||||||
create: true
|
create: true
|
||||||
|
|
||||||
# Configure podsecuritypolicy
|
# from Kubernetes 1.25, PSP is deprecated
|
||||||
# Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
|
# See: https://kubernetes.io/blog/2022/08/23/kubernetes-v1-25-release/#pod-security-changes
|
||||||
|
# We automatically disable PSP if Kubernetes version is 1.25 or higher
|
||||||
podSecurityPolicy:
|
podSecurityPolicy:
|
||||||
enabled: true
|
enabled: true
|
||||||
annotations: {}
|
annotations: {}
|
||||||
@ -163,9 +164,9 @@ updateStrategy: {}
|
|||||||
# maxUnavailable: 1
|
# maxUnavailable: 1
|
||||||
|
|
||||||
## Additional environment variables to set for fluentd pods
|
## Additional environment variables to set for fluentd pods
|
||||||
env:
|
env: []
|
||||||
- name: "FLUENTD_CONF"
|
# - name: "FLUENTD_CONF"
|
||||||
value: "../../../etc/fluent/fluent.conf"
|
# value: "../../../etc/fluent/fluent.conf"
|
||||||
# - name: FLUENT_ELASTICSEARCH_HOST
|
# - name: FLUENT_ELASTICSEARCH_HOST
|
||||||
# value: "elasticsearch-master"
|
# value: "elasticsearch-master"
|
||||||
# - name: FLUENT_ELASTICSEARCH_PORT
|
# - name: FLUENT_ELASTICSEARCH_PORT
|
||||||
@ -175,32 +176,19 @@ envFrom: []
|
|||||||
|
|
||||||
initContainers: []
|
initContainers: []
|
||||||
|
|
||||||
volumes:
|
## Name of the configMap containing a custom fluentd.conf configuration file to use instead of the default.
|
||||||
- name: varlog
|
# mainConfigMapNameOverride: ""
|
||||||
hostPath:
|
|
||||||
path: /var/log
|
|
||||||
- name: varlibdockercontainers
|
|
||||||
hostPath:
|
|
||||||
path: /var/lib/docker/containers
|
|
||||||
- name: etcfluentd-main
|
|
||||||
configMap:
|
|
||||||
name: fluentd-main
|
|
||||||
defaultMode: 0777
|
|
||||||
- name: etcfluentd-config
|
|
||||||
configMap:
|
|
||||||
name: fluentd-config
|
|
||||||
defaultMode: 0777
|
|
||||||
|
|
||||||
volumeMounts:
|
## Name of the configMap containing files to be placed under /etc/fluent/config.d/
|
||||||
- name: varlog
|
## NOTE: This will replace ALL default files in the aforementioned path!
|
||||||
mountPath: /var/log
|
# extraFilesConfigMapNameOverride: ""
|
||||||
- name: varlibdockercontainers
|
|
||||||
mountPath: /var/lib/docker/containers
|
mountVarLogDirectory: true
|
||||||
readOnly: true
|
mountDockerContainersDirectory: true
|
||||||
- name: etcfluentd-main
|
|
||||||
mountPath: /etc/fluent
|
volumes: []
|
||||||
- name: etcfluentd-config
|
|
||||||
mountPath: /etc/fluent/config.d/
|
volumeMounts: []
|
||||||
|
|
||||||
## Only available if kind is StatefulSet
|
## Only available if kind is StatefulSet
|
||||||
## Fluentd persistence
|
## Fluentd persistence
|
||||||
@ -295,8 +283,8 @@ plugins: []
|
|||||||
|
|
||||||
## Add fluentd config files from K8s configMaps
|
## Add fluentd config files from K8s configMaps
|
||||||
##
|
##
|
||||||
configMapConfigs:
|
configMapConfigs: []
|
||||||
- fluentd-prometheus-conf
|
# - fluentd-prometheus-conf
|
||||||
# - fluentd-systemd-conf
|
# - fluentd-systemd-conf
|
||||||
|
|
||||||
## Fluentd configurations:
|
## Fluentd configurations:
|
||||||
|
@ -1,90 +1,3 @@
|
|||||||
diff -tubrN charts/fluentd/templates/files.conf/systemd.yaml charts/fluentd.zdt/templates/files.conf/systemd.yaml
|
|
||||||
--- charts/fluentd/templates/files.conf/systemd.yaml 2021-02-12 18:13:04.000000000 +0100
|
|
||||||
+++ charts/fluentd.zdt/templates/files.conf/systemd.yaml 1970-01-01 01:00:00.000000000 +0100
|
|
||||||
@@ -1,83 +0,0 @@
|
|
||||||
-apiVersion: v1
|
|
||||||
-kind: ConfigMap
|
|
||||||
-metadata:
|
|
||||||
- labels:
|
|
||||||
- {{- include "fluentd.labels" . | nindent 4 }}
|
|
||||||
- name: fluentd-systemd-conf
|
|
||||||
-data:
|
|
||||||
- systemd.conf: |-
|
|
||||||
- <source>
|
|
||||||
- @type systemd
|
|
||||||
- @id in_systemd_internal_kubernetes
|
|
||||||
- @label @KUBERNETES_SYSTEM
|
|
||||||
- matches [{"_SYSTEMD_UNIT":"kubelet.service"},{"_SYSTEMD_UNIT":"kube-apiserver.service"},{"_SYSTEMD_UNIT":"kube-controller-manager.service"},{"_SYSTEMD_UNIT":"kube-proxy.service"},{"_SYSTEMD_UNIT":"kube-scheduler.service"}]
|
|
||||||
- read_from_head true
|
|
||||||
- tag "internal-kubernetes.systemd"
|
|
||||||
- <storage>
|
|
||||||
- @type "local"
|
|
||||||
- persistent true
|
|
||||||
- path "/var/log/fluentd-journald-internal_kubernetes-cursor.json"
|
|
||||||
- </storage>
|
|
||||||
- <entry>
|
|
||||||
- fields_strip_underscores true
|
|
||||||
- field_map {"MESSAGE": "message", "_TRANSPORT": "stream", "_SYSTEMD_UNIT": "systemd_unit", "_HOSTNAME": "hostname"}
|
|
||||||
- field_map_strict true
|
|
||||||
- </entry>
|
|
||||||
- </source>
|
|
||||||
-
|
|
||||||
- <source>
|
|
||||||
- @type systemd
|
|
||||||
- @id in_systemd_etcd
|
|
||||||
- @label @KUBERNETES_SYSTEM
|
|
||||||
- matches [{"_SYSTEMD_UNIT":"etcd.service"}]
|
|
||||||
- read_from_head true
|
|
||||||
- tag "etcd.systemd"
|
|
||||||
- <storage>
|
|
||||||
- @type "local"
|
|
||||||
- persistent true
|
|
||||||
- path "/var/log/fluentd-journald-internal_etcd-cursor.json"
|
|
||||||
- </storage>
|
|
||||||
- <entry>
|
|
||||||
- fields_strip_underscores true
|
|
||||||
- field_map {"MESSAGE": "message", "_TRANSPORT": "stream", "_SYSTEMD_UNIT": "systemd_unit", "_HOSTNAME": "hostname"}
|
|
||||||
- field_map_strict true
|
|
||||||
- </entry>
|
|
||||||
- </source>
|
|
||||||
-
|
|
||||||
- <label @KUBERNETES_SYSTEM>
|
|
||||||
- <filter internal-kubernetes.systemd>
|
|
||||||
- @type parser
|
|
||||||
- key_name message
|
|
||||||
- <parse>
|
|
||||||
- @type regexp
|
|
||||||
- expression /^(?<level>[a-zA-Z])[0-9]* ([\d:.]+)\s+\d+ (?<file>[a-zA-Z-_.]+):(?<line>[\d]+)\]\s+(?<log>.*)$/
|
|
||||||
- </parse>
|
|
||||||
- reserve_data true
|
|
||||||
- reserve_time true
|
|
||||||
- </filter>
|
|
||||||
-
|
|
||||||
- <filter etcd.systemd>
|
|
||||||
- @type parser
|
|
||||||
- key_name message
|
|
||||||
- <parse>
|
|
||||||
- @type regexp
|
|
||||||
- expression /^([^ ]+\s[^ ]+) (?<level>[A-Z]) \| (?<component>[a-zA-Z-_.]+): (?<log>.*)$/
|
|
||||||
- </parse>
|
|
||||||
- reserve_data true
|
|
||||||
- reserve_time true
|
|
||||||
- </filter>
|
|
||||||
-
|
|
||||||
- <filter **>
|
|
||||||
- @type record_transformer
|
|
||||||
- enable_ruby
|
|
||||||
- <record>
|
|
||||||
- raw ${record["message"]}
|
|
||||||
- </record>
|
|
||||||
- remove_keys message
|
|
||||||
- </filter>
|
|
||||||
-
|
|
||||||
- <match **>
|
|
||||||
- @type relabel
|
|
||||||
- @label @DISPATCH
|
|
||||||
- </match>
|
|
||||||
- </label>
|
|
||||||
diff -tubrN charts/fluentd/templates/fluentd-configurations-cm.yaml charts/fluentd.zdt/templates/fluentd-configurations-cm.yaml
|
diff -tubrN charts/fluentd/templates/fluentd-configurations-cm.yaml charts/fluentd.zdt/templates/fluentd-configurations-cm.yaml
|
||||||
--- charts/fluentd/templates/fluentd-configurations-cm.yaml 2021-02-12 18:13:04.000000000 +0100
|
--- charts/fluentd/templates/fluentd-configurations-cm.yaml 2021-02-12 18:13:04.000000000 +0100
|
||||||
+++ charts/fluentd.zdt/templates/fluentd-configurations-cm.yaml 2021-03-09 17:54:34.904992401 +0100
|
+++ charts/fluentd.zdt/templates/fluentd-configurations-cm.yaml 2021-03-09 17:54:34.904992401 +0100
|
||||||
|
@ -11,13 +11,17 @@ patch_chart eck-operator
|
|||||||
|
|
||||||
# fix ECK crds handling to adhere to proper helm v3 support which also fixes ArgoCD applying updates on upgrades
|
# fix ECK crds handling to adhere to proper helm v3 support which also fixes ArgoCD applying updates on upgrades
|
||||||
mkdir charts/eck-operator/crds
|
mkdir charts/eck-operator/crds
|
||||||
helm template charts/eck-operator/charts/eck-operator-crds --name-template logging > charts/eck-operator/crds/all-crds.yaml
|
helm template charts/eck-operator/charts/eck-operator-crds --name-template logging --kube-version 1.26 > charts/eck-operator/crds/all-crds.yaml
|
||||||
|
|
||||||
rm -rf charts/eck-operator/charts
|
rm -rf charts/eck-operator/charts
|
||||||
yq eval -Mi 'del(.dependencies)' charts/eck-operator/Chart.yaml
|
yq eval -Mi 'del(.dependencies)' charts/eck-operator/Chart.yaml
|
||||||
|
|
||||||
|
# fluent-bit
|
||||||
|
patch_chart fluent-bit
|
||||||
|
|
||||||
# FluentD
|
# FluentD
|
||||||
patch_chart fluentd
|
patch_chart fluentd
|
||||||
|
rm -f charts/fluentd/templates/files.conf/systemd.yaml
|
||||||
|
|
||||||
# Fetch dashboards from Grafana.com and update ZDT CM
|
# Fetch dashboards from Grafana.com and update ZDT CM
|
||||||
../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/fluent-bit/grafana-dashboards.yaml
|
../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/fluent-bit/grafana-dashboards.yaml
|
||||||
|
@ -244,7 +244,7 @@ fluent-bit:
|
|||||||
|
|
||||||
image:
|
image:
|
||||||
#repository: public.ecr.aws/zero-downtime/fluent-bit
|
#repository: public.ecr.aws/zero-downtime/fluent-bit
|
||||||
tag: 2.0.10
|
#tag: 2.0.10
|
||||||
|
|
||||||
testFramework:
|
testFramework:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
@ -93,7 +93,7 @@ metrics:
|
|||||||
logging:
|
logging:
|
||||||
enabled: false
|
enabled: false
|
||||||
namespace: logging
|
namespace: logging
|
||||||
targetRevision: 0.8.6
|
targetRevision: 0.8.7
|
||||||
|
|
||||||
argocd:
|
argocd:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
Loading…
Reference in New Issue
Block a user