Calico version bump to 3.16.1

Stefan Reimer 2020-09-09 14:17:02 +01:00
parent 777fe64f01
commit 862fb4be9d
8 changed files with 131 additions and 244 deletions

View File

@ -2,8 +2,8 @@ apiVersion: v2
name: kubezero-calico name: kubezero-calico
description: KubeZero Umbrella Chart for Calico description: KubeZero Umbrella Chart for Calico
type: application type: application
version: 0.1.9 version: 0.2.0
appVersion: 3.15.1 appVersion: v3.16.1
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:
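Review bot: `appVersion` changes format here from `3.15.1` to `v3.16.1`, and the templates in this commit now use `.Chart.AppVersion` as the default image tag, so the leading `v` has become load-bearing. Add a short comment above `appVersion` saying it must match the upstream image tag exactly, so that a later bump does not drop the prefix and render tags that do not exist.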

View File

@ -2,7 +2,7 @@ kubezero-calico
=============== ===============
KubeZero Umbrella Chart for Calico KubeZero Umbrella Chart for Calico
Current chart version is `0.1.9` Current chart version is `0.2.0`
Source code can be found [here](https://kubezero.com) Source code can be found [here](https://kubezero.com)
@ -38,10 +38,9 @@ The setup is based on the upstream calico-vxlan config from
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| customIPPool | object | `{}` | | | image.tag | string | `""` | |
| installCRDs | bool | `false` | | | installCRDs | bool | `false` | |
| loglevel | string | `"Warning"` | | | loglevel | string | `"Warning"` | |
| migration | bool | `false` | |
| mtu | int | `8941` | | | mtu | int | `8941` | |
| network | string | `"vxlan"` | | | network | string | `"vxlan"` | |
| prometheus | bool | `false` | | | prometheus | bool | `false` | |
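Review bot: the new `image.tag` row has an empty description and a default of `""`, which does not tell the reader that the templates fall back to the chart's `appVersion` when it is unset. Add a description to that effect, and note in the README that `customIPPool` and `migration` are removed, since releases that set them lose the corresponding resources on upgrade.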

View File

@ -1,4 +1,3 @@
---
# Source: calico/templates/kdd-crds.yaml # Source: calico/templates/kdd-crds.yaml
@ -44,6 +43,32 @@ spec:
64512]' 64512]'
format: int32 format: int32
type: integer type: integer
communities:
description: Communities is a list of BGP community values and their
arbitrary names for tagging routes.
items:
description: Community contains standard or large community value
and its name.
properties:
name:
description: Name given to community value.
type: string
value:
description: Value must be of format `aa:nn` or `aa:nn:mm`.
For standard community use `aa:nn` format, where `aa` and
`nn` are 16 bit number. For large community use `aa:nn:mm`
format, where `aa`, `nn` and `mm` are 32 bit number. Where,
`aa` is an AS Number, `nn` and `mm` are per-AS identifier.
pattern: ^(\d+):(\d+)$|^(\d+):(\d+):(\d+)$
type: string
type: object
type: array
listenPort:
description: ListenPort is the port where BGP protocol should listen.
Defaults to 179
maximum: 65535
minimum: 1
type: integer
logSeverityScreen: logSeverityScreen:
description: 'LogSeverityScreen is the log severity above which logs description: 'LogSeverityScreen is the log severity above which logs
are sent to the stdout. [Default: INFO]' are sent to the stdout. [Default: INFO]'
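Review bot: the `pattern` on the community `value` only checks for two or three colon-separated digit runs, so the 16 bit and 32 bit limits given in the description are not enforced by the schema and a value such as `99999999:1` passes validation. This file is marked as sourced from `calico/templates/kdd-crds.yaml`, so the fix belongs upstream; until then, treat the range limits as unvalidated when reviewing BGPConfiguration objects.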
@ -52,13 +77,36 @@ spec:
description: 'NodeToNodeMeshEnabled sets whether full node to node description: 'NodeToNodeMeshEnabled sets whether full node to node
BGP mesh is enabled. [Default: true]' BGP mesh is enabled. [Default: true]'
type: boolean type: boolean
prefixAdvertisements:
description: PrefixAdvertisements contains per-prefix advertisement
configuration.
items:
description: PrefixAdvertisement configures advertisement properties
for the specified CIDR.
properties:
cidr:
description: CIDR for which properties should be advertised.
type: string
communities:
description: Communities can be list of either community names
already defined in `Specs.Communities` or community value
of format `aa:nn` or `aa:nn:mm`. For standard community use
`aa:nn` format, where `aa` and `nn` are 16 bit number. For
large community use `aa:nn:mm` format, where `aa`, `nn` and
`mm` are 32 bit number. Where,`aa` is an AS Number, `nn` and
`mm` are per-AS identifier.
items:
type: string
type: array
type: object
type: array
serviceClusterIPs: serviceClusterIPs:
description: ServiceClusterIPs are the CIDR blocks from which service description: ServiceClusterIPs are the CIDR blocks from which service
cluster IPs are allocated. If specified, Calico will advertise these cluster IPs are allocated. If specified, Calico will advertise these
blocks, as well as any cluster IPs within them. blocks, as well as any cluster IPs within them.
items: items:
description: ServiceClusterIPBlock represents a single whitelisted description: ServiceClusterIPBlock represents a single allowed ClusterIP
CIDR block for ClusterIPs. CIDR block.
properties: properties:
cidr: cidr:
type: string type: string
@ -69,8 +117,8 @@ spec:
Service External IPs. Kubernetes Service ExternalIPs will only be Service External IPs. Kubernetes Service ExternalIPs will only be
advertised if they are within one of these blocks. advertised if they are within one of these blocks.
items: items:
description: ServiceExternalIPBlock represents a single whitelisted description: ServiceExternalIPBlock represents a single allowed
CIDR External IP block. External IP CIDR block.
properties: properties:
cidr: cidr:
type: string type: string
@ -129,6 +177,12 @@ spec:
description: The AS Number of the peer. description: The AS Number of the peer.
format: int32 format: int32
type: integer type: integer
keepOriginalNextHop:
description: Option to keep the original nexthop field when routes
are sent to a BGP Peer. Setting "true" configures the selected BGP
Peers node to use the "next hop keep;" instead of "next hop self;"(default)
in the specific branch of the Node on "bird.cfg".
type: boolean
node: node:
description: The node name identifying the Calico node instance that description: The node name identifying the Calico node instance that
is peering with this peer. If this is not set, this represents a is peering with this peer. If this is not set, this represents a
@ -139,7 +193,11 @@ spec:
this is set, the Node field must be empty. this is set, the Node field must be empty.
type: string type: string
peerIP: peerIP:
description: The IP address of the peer. description: The IP address of the peer followed by an optional port
number to peer with. If port number is given, format should be `[<IPv6>]:port`
or `<IPv4>:<port>` for IPv4. If optional port number is not set,
and this peer IP and ASNumber belongs to a calico/node with ListenPort
set in BGPConfiguration, then we use that port to peer.
type: string type: string
peerSelector: peerSelector:
description: Selector for the remote nodes to peer with. When this description: Selector for the remote nodes to peer with. When this
@ -338,6 +396,15 @@ spec:
spec: spec:
description: FelixConfigurationSpec contains the values of the Felix configuration. description: FelixConfigurationSpec contains the values of the Felix configuration.
properties: properties:
awsSrcDstCheck:
description: 'Set source-destination-check on AWS EC2 instances. Accepted
value must be one of "DoNothing", "Enabled" or "Disabled". [Default:
DoNothing]'
enum:
- DoNothing
- Enable
- Disable
type: string
bpfConnectTimeLoadBalancingEnabled: bpfConnectTimeLoadBalancingEnabled:
description: 'BPFConnectTimeLoadBalancingEnabled when in BPF mode, description: 'BPFConnectTimeLoadBalancingEnabled when in BPF mode,
controls whether Felix installs the connection-time load balancer. The controls whether Felix installs the connection-time load balancer. The
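Review bot: in `awsSrcDstCheck` the description lists the accepted values as "DoNothing", "Enabled" or "Disabled", but the `enum` allows `DoNothing`, `Enable` and `Disable`, so a value copied from the description is rejected by the schema. The enum is what gets enforced; the description should be corrected upstream, and anything in this chart that sets the field should use the enum spelling.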
@ -500,6 +567,13 @@ spec:
- protocol - protocol
type: object type: object
type: array type: array
featureDetectOverride:
description: FeatureDetectOverride is used to override the feature
detection. Values are specified in a comma separated list with no
spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=".
"true" or "false" will force the feature, empty or omitted values
are auto-detected.
type: string
genericXDPEnabled: genericXDPEnabled:
description: 'GenericXDPEnabled enables Generic XDP so network cards description: 'GenericXDPEnabled enables Generic XDP so network cards
that don''t support XDP offload or driver modes can use XDP. This that don''t support XDP offload or driver modes can use XDP. This
@ -531,6 +605,11 @@ spec:
integrations set the cali value, and our OpenStack integration integrations set the cali value, and our OpenStack integration
sets the tap value. [Default: cali]' sets the tap value. [Default: cali]'
type: string type: string
interfaceRefreshInterval:
description: InterfaceRefreshInterval is the period at which Felix
rescans local interfaces to verify their state. The rescan can be
disabled by setting the interval to 0.
type: string
ipipEnabled: ipipEnabled:
type: boolean type: boolean
ipipMTU: ipipMTU:
@ -802,8 +881,6 @@ spec:
Calico''s BPF maps or attached programs. Set to 0 to disable XDP Calico''s BPF maps or attached programs. Set to 0 to disable XDP
refresh. [Default: 90s]' refresh. [Default: 90s]'
type: string type: string
required:
- bpfLogLevel
type: object type: object
type: object type: object
served: true served: true
@ -2034,7 +2111,7 @@ spec:
type: object type: object
ipipMode: ipipMode:
description: Contains configuration for IPIP tunneling for this pool. description: Contains configuration for IPIP tunneling for this pool.
If not specified, then this is defaulted to "Never" (i.e. IPIP tunelling If not specified, then this is defaulted to "Never" (i.e. IPIP tunneling
is disabled). is disabled).
type: string type: string
nat-outgoing: nat-outgoing:
@ -2054,7 +2131,7 @@ spec:
vxlanMode: vxlanMode:
description: Contains configuration for VXLAN tunneling for this pool. description: Contains configuration for VXLAN tunneling for this pool.
If not specified, then this is defaulted to "Never" (i.e. VXLAN If not specified, then this is defaulted to "Never" (i.e. VXLAN
tunelling is disabled). tunneling is disabled).
type: string type: string
required: required:
- cidr - cidr

View File

@ -28,6 +28,7 @@ data:
{ {
"type": "calico", "type": "calico",
"log_level": "info", "log_level": "info",
"log_file_path": "/var/log/calico/cni/cni.log",
"datastore_type": "kubernetes", "datastore_type": "kubernetes",
"nodename": "__KUBERNETES_NODE_NAME__", "nodename": "__KUBERNETES_NODE_NAME__",
"mtu": __CNI_MTU__, "mtu": __CNI_MTU__,
@ -341,8 +342,13 @@ spec:
# This container installs the CNI binaries # This container installs the CNI binaries
# and CNI network config file on each node. # and CNI network config file on each node.
- name: install-cni - name: install-cni
image: calico/cni:v3.15.1 image: calico/cni:{{ default .Chart.AppVersion .Values.image.tag }}
command: ["/install-cni.sh"] command: ["/opt/cni/bin/install"]
envFrom:
- configMapRef:
# Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
name: kubernetes-services-endpoint
optional: true
env: env:
# Name of the CNI config file to create. # Name of the CNI config file to create.
- name: CNI_CONF_NAME - name: CNI_CONF_NAME
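Review bot: the `envFrom` block lets an optional ConfigMap named `kubernetes-services-endpoint` override `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` for `install-cni`, and the same block is added further down to `calico-node`, which runs with `privileged: true`. The reference is `optional: true` and no hunk in this commit creates the ConfigMap, so whoever can create or edit a ConfigMap of that name in the DaemonSet's namespace decides which API endpoint these pods talk to. Either ship the ConfigMap from the chart or state in the README that write access to it must be restricted.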
@ -377,7 +383,7 @@ spec:
# Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
# to communicate with Felix over the Policy Sync API. # to communicate with Felix over the Policy Sync API.
- name: flexvol-driver - name: flexvol-driver
image: calico/pod2daemon-flexvol:v3.15.1 image: calico/pod2daemon-flexvol:{{ default .Chart.AppVersion .Values.image.tag }}
volumeMounts: volumeMounts:
- name: flexvol-driver-host - name: flexvol-driver-host
mountPath: /host/driver mountPath: /host/driver
@ -388,7 +394,12 @@ spec:
# container programs network policy and routes on each # container programs network policy and routes on each
# host. # host.
- name: calico-node - name: calico-node
image: calico/node:v3.15.1 image: calico/node:{{ default .Chart.AppVersion .Values.image.tag }}
envFrom:
- configMapRef:
# Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
name: kubernetes-services-endpoint
optional: true
env: env:
# Use Kubernetes API as the backing datastore. # Use Kubernetes API as the backing datastore.
- name: DATASTORE_TYPE - name: DATASTORE_TYPE
@ -437,17 +448,14 @@ spec:
configMapKeyRef: configMapKeyRef:
name: calico-config name: calico-config
key: veth_mtu key: veth_mtu
# Disable AWS source-destination check on nodes.
- name: FELIX_AWSSRCDSTCHECK
value: DoNothing
# The default IPv4 pool to create on startup if none exists. Pod IPs will be # The default IPv4 pool to create on startup if none exists. Pod IPs will be
# chosen from this range. Changing this value after installation will have # chosen from this range. Changing this value after installation will have
# no effect. This should fall within `--cluster-cidr`. # no effect. This should fall within `--cluster-cidr`.
# - name: CALICO_IPV4POOL_CIDR # - name: CALICO_IPV4POOL_CIDR
# value: "192.168.0.0/16" # value: "192.168.0.0/16"
# Set MTU for the Wireguard tunnel device.
- name: FELIX_WIREGUARDMTU
valueFrom:
configMapKeyRef:
name: calico-config
key: veth_mtu
# Disable file logging so `kubectl logs` works. # Disable file logging so `kubectl logs` works.
- name: CALICO_DISABLE_FILE_LOGGING - name: CALICO_DISABLE_FILE_LOGGING
value: "true" value: "true"
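Review bot: the comment above `FELIX_AWSSRCDSTCHECK` says "Disable AWS source-destination check on nodes", but the value is `DoNothing`, which the CRD description in this commit gives as the default. Reword the comment or set the value that is actually intended. The same hunk drops `FELIX_WIREGUARDMTU`, so the Wireguard device no longer takes its MTU from `veth_mtu`; the commit message should say whether that is deliberate.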
@ -464,12 +472,12 @@ spec:
value: "{{ .Values.loglevel }}" value: "{{ .Values.loglevel }}"
- name: FELIX_LOGSEVERITYSYS - name: FELIX_LOGSEVERITYSYS
value: "" value: ""
- name: FELIX_HEALTHENABLED
value: "true"
- name: FELIX_PROMETHEUSGOMETRICSENABLED - name: FELIX_PROMETHEUSGOMETRICSENABLED
value: "{{ .Values.prometheus }}" value: "{{ .Values.prometheus }}"
- name: FELIX_PROMETHEUSMETRICSENABLED - name: FELIX_PROMETHEUSMETRICSENABLED
value: "{{ .Values.prometheus }}" value: "{{ .Values.prometheus }}"
- name: FELIX_HEALTHENABLED
value: "true"
securityContext: securityContext:
privileged: true privileged: true
resources: resources:
@ -483,14 +491,12 @@ spec:
periodSeconds: 10 periodSeconds: 10
initialDelaySeconds: 10 initialDelaySeconds: 10
failureThreshold: 6 failureThreshold: 6
timeoutSeconds: 3
readinessProbe: readinessProbe:
exec: exec:
command: command:
- /bin/calico-node - /bin/calico-node
- -felix-ready - -felix-ready
periodSeconds: 10 periodSeconds: 10
timeoutSeconds: 3
volumeMounts: volumeMounts:
- mountPath: /lib/modules - mountPath: /lib/modules
name: lib-modules name: lib-modules
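Review bot: `timeoutSeconds: 3` is removed from `readinessProbe` and from the probe defined just above it, so both fall back to the Kubernetes default of 1 second. Confirm that `/bin/calico-node -felix-ready` reliably answers within one second on loaded nodes, or keep an explicit timeout, because a slow exec probe on this DaemonSet marks the node's networking as not ready.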
@ -506,6 +512,13 @@ spec:
readOnly: false readOnly: false
- name: policysync - name: policysync
mountPath: /var/run/nodeagent mountPath: /var/run/nodeagent
# For eBPF mode, we need to be able to mount the BPF filesystem at /sys/fs/bpf so we mount in the
# parent directory.
- name: sysfs
mountPath: /sys/fs/
# Bidirectional means that, if we mount the BPF filesystem at /sys/fs/bpf it will propagate to the host.
# If the host is known to mount that filesystem already then Bidirectional can be omitted.
mountPropagation: Bidirectional
volumes: volumes:
# Used by calico-node. # Used by calico-node.
- name: lib-modules - name: lib-modules
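Review bot: the `sysfs` mount exposes the host's whole `/sys/fs/` to the privileged `calico-node` container with `mountPropagation: Bidirectional`, although the comment says it is needed only for eBPF mode and none of the values listed in the README table turns that mode on. Wrap the mount and the matching `sysfs` hostPath volume in a values switch so clusters that do not use eBPF mode keep the smaller host surface, and drop `Bidirectional` where the host already mounts the BPF filesystem, as the comment itself allows.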
@ -521,6 +534,10 @@ spec:
hostPath: hostPath:
path: /run/xtables.lock path: /run/xtables.lock
type: FileOrCreate type: FileOrCreate
- name: sysfs
hostPath:
path: /sys/fs/
type: DirectoryOrCreate
# Used to install CNI. # Used to install CNI.
- name: cni-bin-dir - name: cni-bin-dir
hostPath: hostPath:
@ -590,7 +607,7 @@ spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
containers: containers:
- name: calico-kube-controllers - name: calico-kube-controllers
image: calico/kube-controllers:v3.15.1 image: calico/kube-controllers:{{ default .Chart.AppVersion .Values.image.tag }}
env: env:
# Choose which controllers to run. # Choose which controllers to run.
- name: ENABLED_CONTROLLERS - name: ENABLED_CONTROLLERS
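Review bot: `{{ default .Chart.AppVersion .Values.image.tag }}` is now written out four times, here and on the `calico/cni`, `calico/pod2daemon-flexvol` and `calico/node` image lines. Move it into one named template so the four images cannot drift apart. `image.tag` also accepts only a tag, so there is no way to pin these images by digest.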

View File

@ -1,13 +0,0 @@
{{- if .Values.customIPPool }}
apiVersion: crd.projectcalico.org/v1
kind: IPPool
metadata:
name: default-ipv4-ippool
spec:
cidr: 10.244.0.0/16
blockSize: 26
ipipMode: Never
natOutgoing: true
nodeSelector: all()
vxlanMode: Always
{{- end }}
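Review bot: deleting this template means that on upgrade Helm removes the `default-ipv4-ippool` object from any release that had `customIPPool` set, because the resource is no longer rendered. That pool carries `cidr: 10.244.0.0/16` with `vxlanMode: Always`, so check which clusters set the value and either keep the resource for one more release under a `helm.sh/resource-policy: keep` annotation or document the manual step to take before upgrading.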

View File

@ -1,192 +0,0 @@
{{- if .Values.migration }}
---
# This ConfigMap is used to store Flannel subnet.env content.
kind: ConfigMap
apiVersion: v1
metadata:
name: flannel-migration-config
namespace: kube-system
data:
# Do not edit! This field is updated by migration controller.
flannel_subnet_env: ""
---
# Include a clusterrole for the kube-controllers component,
# and bind it to the flannel-migration-controller serviceaccount.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel-migration-controller
rules:
# Nodes are watched to monitor for deletions.
- apiGroups: [""]
resources:
- nodes
verbs:
- watch
- list
- get
- patch
- update
# Nodes are watched to monitor for deletions.
- apiGroups: [""]
resources:
- nodes/status
verbs:
- get
- update
# Pods are created/deleted.
- apiGroups: [""]
resources:
- pods
verbs:
- get
- list
- create
- delete
# Pods/exec are created.
- apiGroups: [""]
resources:
- pods/exec
verbs:
- create
# Configmaps are updated.
- apiGroups: [""]
resources:
- configmaps
verbs:
- get
- update
- apiGroups: [""]
resources:
- pods/eviction
verbs:
- create
# Daemonset are watched to monitor for deletions.
- apiGroups: ["apps", "extensions"]
resources:
- daemonsets
verbs:
- get
- delete
- update
# IPAM resources are manipulated when nodes are deleted.
- apiGroups: ["crd.projectcalico.org"]
resources:
- ippools
verbs:
- get
- list
- create
- update
- delete
- apiGroups: ["crd.projectcalico.org"]
resources:
- ipamconfigs
- blockaffinities
- ipamblocks
- ipamhandles
verbs:
- get
- list
- create
- update
- delete
# Needs access to update clusterinformations.
- apiGroups: ["crd.projectcalico.org"]
resources:
- clusterinformations
verbs:
- get
- create
- update
# Needs access to update felixconfigurations.
- apiGroups: ["crd.projectcalico.org"]
resources:
- felixconfigurations
verbs:
- get
- create
- update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel-migration-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flannel-migration-controller
subjects:
- kind: ServiceAccount
name: flannel-migration-controller
namespace: kube-system
---
# See https://github.com/projectcalico/kube-controllers
apiVersion: batch/v1
kind: Job
metadata:
name: flannel-migration
namespace: kube-system
labels:
k8s-app: flannel-migration-controller
spec:
backoffLimit: 10
template:
metadata:
name: flannel-migration-controller
namespace: kube-system
labels:
k8s-app: flannel-migration-controller
spec:
nodeSelector:
kubernetes.io/os: linux
tolerations:
# Mark the pod as a critical add-on for rescheduling.
- key: CriticalAddonsOnly
operator: Exists
serviceAccountName: flannel-migration-controller
priorityClassName: system-cluster-critical
restartPolicy: OnFailure
containers:
- name: flannel-migration-controller
image: calico/flannel-migration-controller:v3.15.0
env:
# Choose which controllers to run.
- name: ENABLED_CONTROLLERS
value: flannelmigration
- name: DATASTORE_TYPE
value: kubernetes
- name: FLANNEL_DAEMONSET_NAME
value: canal
- name: FLANNEL_SUBNET_ENV
valueFrom:
configMapKeyRef:
name: flannel-migration-config
key: flannel_subnet_env
- name: POD_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- mountPath: /host/run/flannel/subnet.env
name: flannel-env-file
readinessProbe:
exec:
command:
- /usr/bin/check-status
- -r
volumes:
- name: flannel-env-file
hostPath:
path: /run/flannel/subnet.env
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flannel-migration-controller
namespace: kube-system
{{- end }}

View File

@ -1,5 +1,8 @@
installCRDs: false installCRDs: false
image:
tag: ""
network: vxlan network: vxlan
mtu: 8941 mtu: 8941
@ -7,9 +10,3 @@ mtu: 8941
loglevel: Warning loglevel: Warning
prometheus: false prometheus: false
customIPPool: {}
# Soon to be removed
migration: false

View File

@ -55,9 +55,9 @@ Source code can be found [here](https://kubezero.com)
| es.prometheus | bool | `false` | | | es.prometheus | bool | `false` | |
| es.s3Snapshot.enabled | bool | `false` | | | es.s3Snapshot.enabled | bool | `false` | |
| es.s3Snapshot.iamrole | string | `""` | | | es.s3Snapshot.iamrole | string | `""` | |
| fluent-bit.config.filters | string | `"[FILTER]\n Name kubernetes\n Match kube.*\n Merge_Log On\n Keep_Log Off\n K8S-Logging.Parser On\n K8S-Logging.Exclude On\n\n[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call dedot\n"` | | | fluent-bit.config.filters | string | `"[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call reassemble_cri_logs\n\n[FILTER]\n Name kubernetes\n Match kube.*\n Merge_Log On\n Keep_Log Off\n K8S-Logging.Parser On\n K8S-Logging.Exclude On\n\n[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call dedot\n"` | |
| fluent-bit.config.inputs | string | `"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n Parser cri\n Tag kube.*\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 10\n DB /var/log/flb_kube.db\n DB.Sync Normal\n[INPUT]\n Name tail\n Path /var/log/kubernetes/audit.log\n Parser json\n Tag kube.api.audit\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 60\n DB /var/log/flb_kube_audit.db\n DB.Sync Normal\n"` | | | fluent-bit.config.inputs | string | `"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n Parser cri\n Tag kube.*\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 10\n DB /var/log/flb_kube.db\n DB.Sync Normal\n[INPUT]\n Name tail\n Path /var/log/kubernetes/audit.log\n Parser json\n Tag kube.api.audit\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 60\n DB /var/log/flb_kube_audit.db\n DB.Sync Normal\n"` | |
| fluent-bit.config.lua | string | `"function dedot(tag, timestamp, record)\n if record[\"kubernetes\"] == nil then\n return 0, 0, 0\n end\n dedot_keys(record[\"kubernetes\"][\"annotations\"])\n dedot_keys(record[\"kubernetes\"][\"labels\"])\n return 1, timestamp, record\nend\n\nfunction dedot_keys(map)\n if map == nil then\n return\n end\n local new_map = {}\n local changed_keys = {}\n for k, v in pairs(map) do\n local dedotted = string.gsub(k, \"%.\", \"_\")\n if dedotted ~= k then\n new_map[dedotted] = v\n changed_keys[k] = true\n end\n end\n for k in pairs(changed_keys) do\n map[k] = nil\n end\n for k, v in pairs(new_map) do\n map[k] = v\n end\nend\n"` | | | fluent-bit.config.lua | string | `"function dedot(tag, timestamp, record)\n if record[\"kubernetes\"] == nil then\n return 0, 0, 0\n end\n dedot_keys(record[\"kubernetes\"][\"annotations\"])\n dedot_keys(record[\"kubernetes\"][\"labels\"])\n return 1, timestamp, record\nend\n\nfunction dedot_keys(map)\n if map == nil then\n return\n end\n local new_map = {}\n local changed_keys = {}\n for k, v in pairs(map) do\n local dedotted = string.gsub(k, \"%.\", \"_\")\n if dedotted ~= k then\n new_map[dedotted] = v\n changed_keys[k] = true\n end\n end\n for k in pairs(changed_keys) do\n map[k] = nil\n end\n for k, v in pairs(new_map) do\n map[k] = v\n end\nend\n\nlocal reassemble_state = {}\n\nfunction reassemble_cri_logs(tag, timestamp, record)\n -- IMPORTANT: reassemble_key must be unique for each parser stream\n -- otherwise entries from different sources will get mixed up.\n -- Either make sure that your parser tags satisfy this or construct\n -- reassemble_key some other way\n local reassemble_key = tag\n -- if partial line, accumulate\n if record.logtag == 'P' then\n reassemble_state[reassemble_key] = reassemble_state[reassemble_key] or \"\" .. 
record.message\n return -1, 0, 0\n end\n -- otherwise it's a full line, concatenate with accumulated partial lines if any\n record.message = reassemble_state[reassemble_key] or \"\" .. (record.message or \"\")\n reassemble_state[reassemble_key] = nil\n return 1, timestamp, record\nend\n"` | |
| fluent-bit.config.outputs | string | `"[OUTPUT]\n Match *\n Name forward\n Host logging-fluentd\n Port 24224\n tls on\n tls.verify off\n Shared_Key cloudbender\n"` | | | fluent-bit.config.outputs | string | `"[OUTPUT]\n Match *\n Name forward\n Host logging-fluentd\n Port 24224\n tls on\n tls.verify off\n Shared_Key cloudbender\n"` | |
| fluent-bit.config.service | string | `"[SERVICE]\n Flush 5\n Daemon Off\n Log_Level warn\n Parsers_File parsers.conf\n Parsers_File custom_parsers.conf\n HTTP_Server On\n HTTP_Listen 0.0.0.0\n HTTP_Port 2020\n"` | | | fluent-bit.config.service | string | `"[SERVICE]\n Flush 5\n Daemon Off\n Log_Level warn\n Parsers_File parsers.conf\n Parsers_File custom_parsers.conf\n HTTP_Server On\n HTTP_Listen 0.0.0.0\n HTTP_Port 2020\n"` | |
| fluent-bit.enabled | bool | `false` | | | fluent-bit.enabled | bool | `false` | |
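Review bot: in `reassemble_cri_logs` both concatenations are missing parentheses: Lua's `..` binds tighter than `or`, so `reassemble_state[reassemble_key] or "" .. record.message` evaluates as `state or ("" .. record.message)`. Once a first partial line is stored, every later partial and the final line are discarded, and the emitted record contains only the first fragment. Write `(reassemble_state[reassemble_key] or "") .. record.message` and `(reassemble_state[reassemble_key] or "") .. (record.message or "")` in the values that feed this table.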
@ -67,6 +67,7 @@ Source code can be found [here](https://kubezero.com)
| fluent-bit.test.enabled | bool | `false` | | | fluent-bit.test.enabled | bool | `false` | |
| fluent-bit.tolerations[0].effect | string | `"NoSchedule"` | | | fluent-bit.tolerations[0].effect | string | `"NoSchedule"` | |
| fluent-bit.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | | fluent-bit.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
| fluentd.configMaps."filter.conf" | string | `"<filter kube.**>\n @type parser\n key_name message\n remove_key_name_field true\n reserve_data true\n emit_invalid_record_to_error false\n <parse>\n @type json\n </parse>\n</filter>\n"` | |
| fluentd.configMaps."forward-input.conf" | string | `"<source>\n @type forward\n port 24224\n bind 0.0.0.0\n skip_invalid_event true\n <transport tls>\n cert_path /mnt/fluentd-certs/tls.crt\n private_key_path /mnt/fluentd-certs/tls.key\n </transport>\n <security>\n self_hostname \"#{ENV['HOSTNAME']}\"\n shared_key \"#{ENV['FLUENTD_SHARED_KEY']}\"\n </security>\n</source>\n"` | | | fluentd.configMaps."forward-input.conf" | string | `"<source>\n @type forward\n port 24224\n bind 0.0.0.0\n skip_invalid_event true\n <transport tls>\n cert_path /mnt/fluentd-certs/tls.crt\n private_key_path /mnt/fluentd-certs/tls.key\n </transport>\n <security>\n self_hostname \"#{ENV['HOSTNAME']}\"\n shared_key \"#{ENV['FLUENTD_SHARED_KEY']}\"\n </security>\n</source>\n"` | |
| fluentd.configMaps."output.conf" | string | `"<match **>\n @id elasticsearch\n @type elasticsearch\n @log_level info\n include_tag_key true\n id_key id\n remove_keys id\n\n # KubeZero pipeline incl. GeoIP etc.\n # Freaking ES jams under load and all is lost ...\n # pipeline fluentd\n\n host \"#{ENV['OUTPUT_HOST']}\"\n port \"#{ENV['OUTPUT_PORT']}\"\n scheme \"#{ENV['OUTPUT_SCHEME']}\"\n ssl_version \"#{ENV['OUTPUT_SSL_VERSION']}\"\n ssl_verify \"#{ENV['OUTPUT_SSL_VERIFY']}\"\n user \"#{ENV['OUTPUT_USER']}\"\n password \"#{ENV['OUTPUT_PASSWORD']}\"\n\n log_es_400_reason\n logstash_format true\n reconnect_on_error true\n # reload_on_failure true\n request_timeout 15s\n suppress_type_name true\n\n <buffer>\n @type file\n path /var/log/fluentd-buffers/kubernetes.system.buffer\n flush_mode interval\n flush_thread_count 2\n flush_interval 30s\n flush_at_shutdown true\n retry_type exponential_backoff\n retry_timeout 60m\n chunk_limit_size 16M\n overflow_action drop_oldest_chunk\n </buffer>\n</match>\n"` | | | fluentd.configMaps."output.conf" | string | `"<match **>\n @id elasticsearch\n @type elasticsearch\n @log_level info\n include_tag_key true\n id_key id\n remove_keys id\n\n # KubeZero pipeline incl. 
GeoIP etc.\n # Freaking ES jams under load and all is lost ...\n # pipeline fluentd\n\n host \"#{ENV['OUTPUT_HOST']}\"\n port \"#{ENV['OUTPUT_PORT']}\"\n scheme \"#{ENV['OUTPUT_SCHEME']}\"\n ssl_version \"#{ENV['OUTPUT_SSL_VERSION']}\"\n ssl_verify \"#{ENV['OUTPUT_SSL_VERIFY']}\"\n user \"#{ENV['OUTPUT_USER']}\"\n password \"#{ENV['OUTPUT_PASSWORD']}\"\n\n log_es_400_reason\n logstash_format true\n reconnect_on_error true\n # reload_on_failure true\n request_timeout 15s\n suppress_type_name true\n\n <buffer>\n @type file\n path /var/log/fluentd-buffers/kubernetes.system.buffer\n flush_mode interval\n flush_thread_count 2\n flush_interval 30s\n flush_at_shutdown true\n retry_type exponential_backoff\n retry_timeout 60m\n chunk_limit_size 16M\n overflow_action drop_oldest_chunk\n </buffer>\n</match>\n"` | |
| fluentd.enabled | bool | `false` | | | fluentd.enabled | bool | `false` | |
@ -84,7 +85,7 @@ Source code can be found [here](https://kubezero.com)
| fluentd.extraVolumes[0].name | string | `"fluentd-certs"` | | | fluentd.extraVolumes[0].name | string | `"fluentd-certs"` | |
| fluentd.extraVolumes[0].secret.secretName | string | `"fluentd-certificate"` | | | fluentd.extraVolumes[0].secret.secretName | string | `"fluentd-certificate"` | |
| fluentd.image.repository | string | `"quay.io/fluentd_elasticsearch/fluentd"` | | | fluentd.image.repository | string | `"quay.io/fluentd_elasticsearch/fluentd"` | |
| fluentd.image.tag | string | `"v2.9.0"` | | | fluentd.image.tag | string | `"v3.0.4"` | |
| fluentd.istio.enabled | bool | `false` | | | fluentd.istio.enabled | bool | `false` | |
| fluentd.metrics.enabled | bool | `false` | | | fluentd.metrics.enabled | bool | `false` | |
| fluentd.metrics.serviceMonitor.additionalLabels.release | string | `"metrics"` | | | fluentd.metrics.serviceMonitor.additionalLabels.release | string | `"metrics"` | |
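Review bot: the `fluentd.image.tag` change from `v2.9.0` to `v3.0.4` is a major-version jump in the logging chart and is unrelated to the commit subject, "Calico version bump to 3.16.1". Split the logging changes (this tag, the new `filter.conf` and `reassemble_cri_logs`) into their own commit so they can be reviewed and reverted separately.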
@ -111,3 +112,4 @@ Source code can be found [here](https://kubezero.com)
- https://www.elastic.co/downloads/elastic-cloud-kubernetes - https://www.elastic.co/downloads/elastic-cloud-kubernetes
- https://github.com/elastic/cloud-on-k8s - https://github.com/elastic/cloud-on-k8s
- https://grafana.com/grafana/dashboards/7752