feat: WIP telemetry pipeline now incl. fluent-bit and otel

This commit is contained in:
Stefan Reimer 2024-07-12 13:36:28 +00:00
parent 9c888dc99c
commit f1f196c860
18 changed files with 319 additions and 80 deletions

View File

@ -1,6 +1,6 @@
# kubezero-operators # kubezero-operators
![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
Various operators supported by KubeZero Various operators supported by KubeZero
@ -19,8 +19,8 @@ Kubernetes: `>= 1.26.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
| https://helm.elastic.co | eck-operator | 2.12.1 | | https://helm.elastic.co | eck-operator | 2.13.0 |
| https://opensearch-project.github.io/opensearch-k8s-operator/ | opensearch-operator | 2.6.0 | | https://opensearch-project.github.io/opensearch-k8s-operator/ | opensearch-operator | 2.6.1 |
## Values ## Values

View File

@ -1,5 +1,5 @@
apiVersion: v2 apiVersion: v2
appVersion: 2.12.1 appVersion: 2.13.0
description: Elastic Cloud on Kubernetes (ECK) operator description: Elastic Cloud on Kubernetes (ECK) operator
home: https://github.com/elastic/cloud-on-k8s home: https://github.com/elastic/cloud-on-k8s
icon: https://helm.elastic.co/icons/eck.png icon: https://helm.elastic.co/icons/eck.png
@ -18,4 +18,4 @@ maintainers:
name: Elastic name: Elastic
name: eck-operator name: eck-operator
type: application type: application
version: 2.12.1 version: 2.13.0

View File

@ -5,12 +5,13 @@ kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels: labels:
app.kubernetes.io/instance: 'logging' app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds' app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1' app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.12.1' helm.sh/chart: 'eck-operator-crds-2.13.0'
name: agents.agent.k8s.elastic.co name: agents.agent.k8s.elastic.co
spec: spec:
group: agent.k8s.elastic.co group: agent.k8s.elastic.co
@ -245,7 +246,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -280,7 +282,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -725,7 +728,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -1132,12 +1136,13 @@ kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels: labels:
app.kubernetes.io/instance: 'logging' app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds' app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1' app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.12.1' helm.sh/chart: 'eck-operator-crds-2.13.0'
name: apmservers.apm.k8s.elastic.co name: apmservers.apm.k8s.elastic.co
spec: spec:
group: apm.k8s.elastic.co group: apm.k8s.elastic.co
@ -1219,7 +1224,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -1663,7 +1669,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -2352,12 +2359,13 @@ kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels: labels:
app.kubernetes.io/instance: 'logging' app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds' app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1' app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.12.1' helm.sh/chart: 'eck-operator-crds-2.13.0'
name: beats.beat.k8s.elastic.co name: beats.beat.k8s.elastic.co
spec: spec:
group: beat.k8s.elastic.co group: beat.k8s.elastic.co
@ -2592,7 +2600,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -2626,7 +2635,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -2670,7 +2680,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -2710,7 +2721,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -2836,12 +2848,13 @@ kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels: labels:
app.kubernetes.io/instance: 'logging' app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds' app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1' app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.12.1' helm.sh/chart: 'eck-operator-crds-2.13.0'
name: elasticmapsservers.maps.k8s.elastic.co name: elasticmapsservers.maps.k8s.elastic.co
spec: spec:
group: maps.k8s.elastic.co group: maps.k8s.elastic.co
@ -2935,7 +2948,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -3433,12 +3447,13 @@ kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels: labels:
app.kubernetes.io/instance: 'logging' app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds' app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1' app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.12.1' helm.sh/chart: 'eck-operator-crds-2.13.0'
name: elasticsearchautoscalers.autoscaling.k8s.elastic.co name: elasticsearchautoscalers.autoscaling.k8s.elastic.co
spec: spec:
group: autoscaling.k8s.elastic.co group: autoscaling.k8s.elastic.co
@ -3790,12 +3805,13 @@ kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels: labels:
app.kubernetes.io/instance: 'logging' app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds' app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1' app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.12.1' helm.sh/chart: 'eck-operator-crds-2.13.0'
name: elasticsearches.elasticsearch.k8s.elastic.co name: elasticsearches.elasticsearch.k8s.elastic.co
spec: spec:
group: elasticsearch.k8s.elastic.co group: elasticsearch.k8s.elastic.co
@ -3859,6 +3875,10 @@ spec:
description: Auth contains user authentication and authorization security description: Auth contains user authentication and authorization security
settings for Elasticsearch. settings for Elasticsearch.
properties: properties:
disableElasticUser:
description: DisableElasticUser disables the default elastic user
that is created by ECK.
type: boolean
fileRealm: fileRealm:
description: FileRealm to propagate to the Elasticsearch cluster. description: FileRealm to propagate to the Elasticsearch cluster.
items: items:
@ -4330,7 +4350,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -4370,7 +4391,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -6500,12 +6522,13 @@ kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels: labels:
app.kubernetes.io/instance: 'logging' app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds' app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1' app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.12.1' helm.sh/chart: 'eck-operator-crds-2.13.0'
name: enterprisesearches.enterprisesearch.k8s.elastic.co name: enterprisesearches.enterprisesearch.k8s.elastic.co
spec: spec:
group: enterprisesearch.k8s.elastic.co group: enterprisesearch.k8s.elastic.co
@ -6598,7 +6621,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -7170,7 +7194,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -7654,12 +7679,13 @@ kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels: labels:
app.kubernetes.io/instance: 'logging' app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds' app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1' app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.12.1' helm.sh/chart: 'eck-operator-crds-2.13.0'
name: kibanas.kibana.k8s.elastic.co name: kibanas.kibana.k8s.elastic.co
spec: spec:
group: kibana.k8s.elastic.co group: kibana.k8s.elastic.co
@ -7741,7 +7767,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -7771,7 +7798,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -8229,7 +8257,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -8269,7 +8298,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -8952,12 +8982,13 @@ kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels: labels:
app.kubernetes.io/instance: 'logging' app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds' app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1' app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.12.1' helm.sh/chart: 'eck-operator-crds-2.13.0'
name: logstashes.logstash.k8s.elastic.co name: logstashes.logstash.k8s.elastic.co
spec: spec:
group: logstash.k8s.elastic.co group: logstash.k8s.elastic.co
@ -9063,7 +9094,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -9112,7 +9144,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -9152,7 +9185,8 @@ spec:
- `url`: the URL to reach the Elastic resource - `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional). - `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName. This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string type: string
serviceName: serviceName:
@ -10172,12 +10206,13 @@ kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels: labels:
app.kubernetes.io/instance: 'logging' app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds' app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1' app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.12.1' helm.sh/chart: 'eck-operator-crds-2.13.0'
name: stackconfigpolicies.stackconfigpolicy.k8s.elastic.co name: stackconfigpolicies.stackconfigpolicy.k8s.elastic.co
spec: spec:
group: stackconfigpolicy.k8s.elastic.co group: stackconfigpolicy.k8s.elastic.co

View File

@ -0,0 +1,29 @@
automountServiceAccountToken: false
serviceAccount:
automountServiceAccountToken: false
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: serviceaccount-token
readOnly: true
volumes:
- name: serviceaccount-token
projected:
defaultMode: 0444
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
name: kube-root-ca.crt
items:
- key: ca.crt
path: ca.crt
- downwardAPI:
items:
- path: namespace
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace

View File

@ -96,6 +96,8 @@ Determine the name for the webhook secret
{{- define "eck-operator.webhookSecretName" -}} {{- define "eck-operator.webhookSecretName" -}}
{{- if .Values.global.manifestGen -}} {{- if .Values.global.manifestGen -}}
elastic-webhook-server-cert elastic-webhook-server-cert
{{- else if .Values.webhook.certsSecret -}}
{{- .Values.webhook.certsSecret }}
{{- else -}} {{- else -}}
{{- $name := include "eck-operator.name" . -}} {{- $name := include "eck-operator.name" . -}}
{{ printf "%s-webhook-cert" $name | trunc 63 }} {{ printf "%s-webhook-cert" $name | trunc 63 }}

View File

@ -79,6 +79,6 @@ data:
{{- if not .Values.config.containerSuffix }} {{- if not .Values.config.containerSuffix }}
ubi-only: {{ .Values.config.ubiOnly }} ubi-only: {{ .Values.config.ubiOnly }}
{{- end }} {{- end }}
{{- with .Values.webhook.secret }} {{- with .Values.webhook.certsSecret }}
webhook-secret: {{ . }} webhook-secret: {{ . }}
{{- end }} {{- end }}

View File

@ -2,6 +2,7 @@
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
metadata: metadata:
name: {{ include "eck-operator.serviceAccountName" . }} name: {{ include "eck-operator.serviceAccountName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}

View File

@ -5,8 +5,15 @@ kind: StatefulSet
metadata: metadata:
name: {{ include "eck-operator.fullname" . }} name: {{ include "eck-operator.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
{{- with .Values.statefulsetAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels: labels:
{{- include "eck-operator.labels" . | nindent 4 }} {{- include "eck-operator.labels" . | nindent 4 }}
{{- with .Values.statefulsetLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec: spec:
selector: selector:
matchLabels: matchLabels:
@ -31,6 +38,7 @@ spec:
spec: spec:
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10
serviceAccountName: {{ include "eck-operator.serviceAccountName" . }} serviceAccountName: {{ include "eck-operator.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
{{- with .Values.priorityClassName }} {{- with .Values.priorityClassName }}
priorityClassName: {{ . }} priorityClassName: {{ . }}
{{- end }} {{- end }}
@ -121,11 +129,16 @@ spec:
- "--tls-cert-file=/tls/tls.crt" - "--tls-cert-file=/tls/tls.crt"
- "--tls-private-key-file=/tls/tls.key" - "--tls-private-key-file=/tls/tls.key"
{{- end }} {{- end }}
{{- if .Values.config.metrics.secureMode.tls.certificateSecret }} {{- if or .Values.config.metrics.secureMode.tls.certificateSecret .Values.config.metrics.secureMode.volumeMounts }}
volumeMounts: volumeMounts:
- mountPath: "/tls" {{- with .Values.config.metrics.secureMode.volumeMounts }}
name: tls-certificate {{- toYaml . | nindent 12 }}
readOnly: true {{- end }}
{{- if .Values.config.metrics.secureMode.tls.certificateSecret }}
- mountPath: "/tls"
name: tls-certificate
readOnly: true
{{- end }}
{{- end }} {{- end }}
ports: ports:
- containerPort: {{ $metricsPort }} - containerPort: {{ $metricsPort }}

View File

@ -40,6 +40,12 @@ resources:
cpu: 100m cpu: 100m
memory: 150Mi memory: 150Mi
# statefulsetAnnotations define the annotations that should be added to the operator StatefulSet.
statefulsetAnnotations: {}
# statefulsetLabels define additional labels that should be added to the operator StatefulSet.
statefulsetLabels: {}
# podAnnotations define the annotations that should be added to the operator pod. # podAnnotations define the annotations that should be added to the operator pod.
podAnnotations: {} podAnnotations: {}
@ -87,9 +93,14 @@ volumes: []
# createClusterScopedResources determines whether cluster-scoped resources (ClusterRoles, ClusterRoleBindings) should be created. # createClusterScopedResources determines whether cluster-scoped resources (ClusterRoles, ClusterRoleBindings) should be created.
createClusterScopedResources: true createClusterScopedResources: true
# Automount API credentials for the Service Account into the pod.
automountServiceAccountToken: true
serviceAccount: serviceAccount:
# create specifies whether a service account should be created for the operator. # create specifies whether a service account should be created for the operator.
create: true create: true
# Specifies whether a service account should automount API credentials.
automountServiceAccountToken: true
# annotations to add to the service account # annotations to add to the service account
annotations: {} annotations: {}
# name of the service account to use. If not set and create is true, a name is generated using the fullname template. # name of the service account to use. If not set and create is true, a name is generated using the fullname template.
@ -129,7 +140,7 @@ webhook:
# port is the port that the validating webhook binds to. # port is the port that the validating webhook binds to.
port: 9443 port: 9443
# secret specifies the Kubernetes secret to be mounted into the path designated by the certsDir value to be used for webhook certificates. # secret specifies the Kubernetes secret to be mounted into the path designated by the certsDir value to be used for webhook certificates.
secret: "" certsSecret: ""
# hostNetwork allows a Pod to use the Node network namespace. # hostNetwork allows a Pod to use the Node network namespace.
# This is required to allow for communication with the kube API when using some alternate CNIs in conjunction with webhook enabled. # This is required to allow for communication with the kube API when using some alternate CNIs in conjunction with webhook enabled.
@ -188,6 +199,8 @@ config:
# serviceMonitorNamespaceSelector: {} # serviceMonitorNamespaceSelector: {}
# serviceMonitorSelectorNilUsesHelmValues: false # serviceMonitorSelectorNilUsesHelmValues: false
enabled: false enabled: false
# additional volume mounts for the kube-rbac-proxy container.
volumeMounts: []
tls: tls:
# certificateSecret is the name of the tls secret containing the custom TLS certificate and key for the secure metrics endpoint. # certificateSecret is the name of the tls secret containing the custom TLS certificate and key for the secure metrics endpoint.
# #

View File

@ -1,6 +1,6 @@
# kubezero-telemetry # kubezero-telemetry
![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.3.3](https://img.shields.io/badge/Version-0.3.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc. KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc.
@ -19,10 +19,10 @@ Kubernetes: `>= 1.26.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
| https://fluent.github.io/helm-charts | fluent-bit | 0.46.2 | | https://fluent.github.io/helm-charts | fluent-bit | 0.47.1 |
| https://fluent.github.io/helm-charts | fluentd | 0.5.2 | | https://fluent.github.io/helm-charts | fluentd | 0.5.2 |
| https://jaegertracing.github.io/helm-charts | jaeger | 3.0.8 | | https://jaegertracing.github.io/helm-charts | jaeger | 3.1.1 |
| https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector | 0.92.0 | | https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector | 0.97.1 |
## Values ## Values
@ -100,6 +100,7 @@ Kubernetes: `>= 1.26.0`
| fluentd.volumes[0].secret.items[0].path | string | `"ca.crt"` | | | fluentd.volumes[0].secret.items[0].path | string | `"ca.crt"` | |
| fluentd.volumes[0].secret.secretName | string | `"telemetry-nodes-http-tls"` | | | fluentd.volumes[0].secret.secretName | string | `"telemetry-nodes-http-tls"` | |
| jaeger.agent.enabled | bool | `false` | | | jaeger.agent.enabled | bool | `false` | |
| jaeger.collector.enabled | bool | `false` | |
| jaeger.collector.extraEnv[0].name | string | `"ES_TAGS_AS_FIELDS_ALL"` | | | jaeger.collector.extraEnv[0].name | string | `"ES_TAGS_AS_FIELDS_ALL"` | |
| jaeger.collector.extraEnv[0].value | string | `"true"` | | | jaeger.collector.extraEnv[0].value | string | `"true"` | |
| jaeger.collector.service.otlp.grpc.name | string | `"otlp-grpc"` | | | jaeger.collector.service.otlp.grpc.name | string | `"otlp-grpc"` | |
@ -128,9 +129,41 @@ Kubernetes: `>= 1.26.0`
| opensearch.dashboard.istio.url | string | `"telemetry-dashboard.example.com"` | | | opensearch.dashboard.istio.url | string | `"telemetry-dashboard.example.com"` | |
| opensearch.nodeSets | list | `[]` | | | opensearch.nodeSets | list | `[]` | |
| opensearch.prometheus | bool | `false` | | | opensearch.prometheus | bool | `false` | |
| opensearch.version | string | `"2.14.0"` | | | opensearch.version | string | `"2.15.0"` | |
| opentelemetry-collector.config.exporters.opensearch/trace.http.auth.authenticator | string | `"basicauth/client"` | |
| opentelemetry-collector.config.exporters.opensearch/trace.http.endpoint | string | `"https://telemetry:9200"` | |
| opentelemetry-collector.config.exporters.opensearch/trace.http.tls.insecure | bool | `false` | |
| opentelemetry-collector.config.exporters.opensearch/trace.http.tls.insecure_skip_verify | bool | `true` | |
| opentelemetry-collector.config.extensions.basicauth/client.client_auth.password | string | `"admin"` | |
| opentelemetry-collector.config.extensions.basicauth/client.client_auth.username | string | `"admin"` | |
| opentelemetry-collector.config.extensions.health_check.endpoint | string | `"${env:MY_POD_IP}:13133"` | |
| opentelemetry-collector.config.extensions.memory_ballast | object | `{}` | |
| opentelemetry-collector.config.processors.batch | object | `{}` | |
| opentelemetry-collector.config.processors.memory_limiter | string | `nil` | |
| opentelemetry-collector.config.receivers.jaeger | string | `nil` | |
| opentelemetry-collector.config.receivers.otlp.protocols.grpc.endpoint | string | `"${env:MY_POD_IP}:4317"` | |
| opentelemetry-collector.config.receivers.otlp.protocols.http.endpoint | string | `"${env:MY_POD_IP}:4318"` | |
| opentelemetry-collector.config.receivers.zipkin | string | `nil` | |
| opentelemetry-collector.config.service.extensions[0] | string | `"health_check"` | |
| opentelemetry-collector.config.service.extensions[1] | string | `"memory_ballast"` | |
| opentelemetry-collector.config.service.extensions[2] | string | `"basicauth/client"` | |
| opentelemetry-collector.config.service.pipelines.logs | string | `nil` | |
| opentelemetry-collector.config.service.pipelines.metrics | string | `nil` | |
| opentelemetry-collector.config.service.pipelines.traces.exporters[0] | string | `"opensearch/trace"` | |
| opentelemetry-collector.config.service.pipelines.traces.processors[0] | string | `"memory_limiter"` | |
| opentelemetry-collector.config.service.pipelines.traces.processors[1] | string | `"batch"` | |
| opentelemetry-collector.config.service.pipelines.traces.receivers[0] | string | `"otlp"` | |
| opentelemetry-collector.config.service.telemetry.metrics.address | string | `"${env:MY_POD_IP}:8888"` | |
| opentelemetry-collector.enabled | bool | `false` | | | opentelemetry-collector.enabled | bool | `false` | |
| opentelemetry-collector.image.repository | string | `"otel/opentelemetry-collector-contrib"` | |
| opentelemetry-collector.mode | string | `"deployment"` | | | opentelemetry-collector.mode | string | `"deployment"` | |
| opentelemetry-collector.podDisruptionBudget.enabled | bool | `false` | |
| opentelemetry-collector.ports.jaeger-compact.enabled | bool | `false` | |
| opentelemetry-collector.ports.jaeger-grpc.enabled | bool | `false` | |
| opentelemetry-collector.ports.jaeger-thrift.enabled | bool | `false` | |
| opentelemetry-collector.ports.metrics.enabled | bool | `true` | |
| opentelemetry-collector.ports.zipkin.enabled | bool | `false` | |
| opentelemetry-collector.serviceMonitor.enabled | bool | `false` | |
## Resources ## Resources
- https://opensearch.org/docs/latest/dashboards/branding/#condensed-header - https://opensearch.org/docs/latest/dashboards/branding/#condensed-header

View File

@ -1,9 +1,9 @@
annotations: annotations:
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: changed - kind: changed
description: "Updated _Fluent Bit_ OCI image to [v3.0.2](https://github.com/fluent/fluent-bit/releases/tag/v3.0.2)." description: "Updated Fluent Bit OCI image to v3.1.1."
apiVersion: v1 apiVersion: v1
appVersion: 3.0.2 appVersion: 3.1.1
description: Fast and lightweight log processor and forwarder or Linux, OSX and BSD description: Fast and lightweight log processor and forwarder or Linux, OSX and BSD
family operating systems. family operating systems.
home: https://fluentbit.io/ home: https://fluentbit.io/
@ -24,4 +24,4 @@ maintainers:
name: fluent-bit name: fluent-bit
sources: sources:
- https://github.com/fluent/fluent-bit/ - https://github.com/fluent/fluent-bit/
version: 0.46.2 version: 0.47.1

View File

@ -1559,7 +1559,7 @@
}, },
"timezone": "", "timezone": "",
"title": "{{ include "fluent-bit.fullname" . }}", "title": "{{ include "fluent-bit.fullname" . }}",
"uid": "d557c8f6-cac1-445f-8ade-4c351a9076b1", "uid": null,
"version": 7, "version": 7,
"weekStart": "" "weekStart": ""
} }

View File

@ -119,7 +119,11 @@ containers:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.extraContainers }} {{- if .Values.extraContainers }}
{{- toYaml .Values.extraContainers | nindent 2 }} {{- if kindIs "string" .Values.extraContainers }}
{{- tpl .Values.extraContainers $ | nindent 2 }}
{{- else }}
{{- toYaml .Values.extraContainers | nindent 2 }}
{{- end -}}
{{- end }} {{- end }}
volumes: volumes:
- name: config - name: config

View File

@ -17,6 +17,9 @@ spec:
{{- if and (eq .Values.service.type "ClusterIP") (.Values.service.clusterIP) }} {{- if and (eq .Values.service.type "ClusterIP") (.Values.service.clusterIP) }}
clusterIP: {{ .Values.service.clusterIP }} clusterIP: {{ .Values.service.clusterIP }}
{{- end }} {{- end }}
{{- if .Values.service.externalIPs }}
externalIPs: {{- toYaml .Values.service.externalIPs | nindent 4 }}
{{- end }}
{{- if (eq .Values.kind "DaemonSet") }} {{- if (eq .Values.kind "DaemonSet") }}
{{- with .Values.service.internalTrafficPolicy }} {{- with .Values.service.internalTrafficPolicy }}
internalTrafficPolicy: {{ . }} internalTrafficPolicy: {{ . }}

View File

@ -101,6 +101,10 @@ service:
# prometheus.io/path: "/api/v1/metrics/prometheus" # prometheus.io/path: "/api/v1/metrics/prometheus"
# prometheus.io/port: "2020" # prometheus.io/port: "2020"
# prometheus.io/scrape: "true" # prometheus.io/scrape: "true"
externalIPs: []
# externalIPs:
# - 2.2.2.2
serviceMonitor: serviceMonitor:
enabled: false enabled: false
@ -314,11 +318,21 @@ envWithTpl: []
envFrom: [] envFrom: []
# This supports either a structured array or a templatable string
extraContainers: [] extraContainers: []
# Array mode
# extraContainers:
# - name: do-something # - name: do-something
# image: busybox # image: busybox
# command: ['do', 'something'] # command: ['do', 'something']
# String mode
# extraContainers: |-
# - name: do-something
# image: bitnami/kubectl:{{ .Capabilities.KubeVersion.Major }}.{{ .Capabilities.KubeVersion.Minor }}
# command: ['kubectl', 'version']
flush: 1 flush: 1
metricsPort: 2020 metricsPort: 2020

View File

@ -3,11 +3,11 @@ gzip: true
folder: Telemetry folder: Telemetry
#condition: '.Values.telemetry.metrics.enabled' #condition: '.Values.telemetry.metrics.enabled'
dashboards: dashboards:
- name: jaeger #- name: jaeger
url: https://grafana.com/api/dashboards/10001/revisions/2/download # url: https://grafana.com/api/dashboards/10001/revisions/2/download
tags: # tags:
- Jaeger # - Jaeger
- Telemetry # - Telemetry
- name: opensearch - name: opensearch
url: https://grafana.com/api/dashboards/15178/revisions/2/download url: https://grafana.com/api/dashboards/15178/revisions/2/download
tags: tags:

File diff suppressed because one or more lines are too long

View File

@ -3,6 +3,74 @@ opentelemetry-collector:
mode: deployment mode: deployment
image:
repository: "otel/opentelemetry-collector-contrib"
config:
extensions:
health_check:
endpoint: ${env:MY_POD_IP}:13133
memory_ballast: {}
exporters:
otlp/jaeger:
endpoint: telemetry-jaeger-collector:4317
tls:
insecure: true
processors:
batch: {}
# If set to null, will be overridden with values based on k8s resource limits
memory_limiter: null
receivers:
jaeger: null
zipkin: null
otlp:
protocols:
grpc:
endpoint: ${env:MY_POD_IP}:4317
http:
endpoint: ${env:MY_POD_IP}:4318
service:
telemetry:
metrics:
address: ${env:MY_POD_IP}:8888
extensions:
- health_check
- memory_ballast
pipelines:
metrics: null
logs: null
traces:
exporters:
- otlp/jaeger
processors:
- memory_limiter
- batch
receivers:
- otlp
ports:
jaeger-compact:
enabled: false
jaeger-thrift:
enabled: false
jaeger-grpc:
enabled: false
zipkin:
enabled: false
metrics:
enabled: true
serviceMonitor:
enabled: false
podDisruptionBudget:
enabled: false
# minAvailable: 2
# maxUnavailable: 1
jaeger: jaeger:
enabled: false enabled: false
@ -15,12 +83,12 @@ jaeger:
grpc: grpc:
name: otlp-grpc name: otlp-grpc
port: 4317 port: 4317
http: # http:
name: otlp-http # name: otlp-http
port: 4318 # port: 4318
extraEnv: #extraEnv:
- name: ES_TAGS_AS_FIELDS_ALL # - name: ES_TAGS_AS_FIELDS_ALL
value: "true" # value: "true"
serviceMonitor: serviceMonitor:
enabled: false enabled: false
@ -52,7 +120,7 @@ jaeger:
url: jaeger.example.com url: jaeger.example.com
opensearch: opensearch:
version: 2.14.0 version: 2.15.0
prometheus: false prometheus: false
# custom cluster settings # custom cluster settings
@ -302,6 +370,15 @@ fluent-bit:
testFramework: testFramework:
enabled: false enabled: false
service:
internalTrafficPolicy: Local
extraPorts:
- name: otel
port: 4318
containerPort: 4318
protocol: TCP
serviceMonitor: serviceMonitor:
enabled: false enabled: false
@ -327,6 +404,9 @@ fluent-bit:
sharedKey: secretref+k8s://v1/Secret/kube-system/kubezero-secrets/telemetry.fluentd.source.sharedKey sharedKey: secretref+k8s://v1/Secret/kube-system/kubezero-secrets/telemetry.fluentd.source.sharedKey
tls: false tls: false
output_otel:
host: telemetry-opentelemetry-collector
input: input:
memBufLimit: 16MB memBufLimit: 16MB
refreshInterval: 5 refreshInterval: 5
@ -353,6 +433,7 @@ fluent-bit:
Name tail Name tail
Path /var/log/containers/*.log Path /var/log/containers/*.log
# Exclude ourselves to current error spam, https://github.com/fluent/fluent-bit/issues/5769 # Exclude ourselves to current error spam, https://github.com/fluent/fluent-bit/issues/5769
# Todo: Rather limit / filter spam message than exclude all together -> ideally locally, next dataprepper
Exclude_Path *logging-fluent-bit* Exclude_Path *logging-fluent-bit*
multiline.parser cri multiline.parser cri
Tag cri.* Tag cri.*
@ -363,10 +444,14 @@ fluent-bit:
DB.locking true DB.locking true
# Buffer_Max_Size 1M # Buffer_Max_Size 1M
{{- with .Values.config.input }} {{- with .Values.config.input }}
Mem_Buf_Limit {{ default "16MB" .memBufLimit }} Mem_Buf_Limit {{ .memBufLimit }}
Refresh_Interval {{ default 5 .refreshInterval }} Refresh_Interval {{ .refreshInterval }}
{{- end }} {{- end }}
[INPUT]
Name opentelemetry
Tag otel
filters: | filters: |
[FILTER] [FILTER]
Name parser Name parser
@ -411,7 +496,7 @@ fluent-bit:
outputs: | outputs: |
[OUTPUT] [OUTPUT]
Match * Match kube.*
Name forward Name forward
Host {{ .Values.config.output.host }} Host {{ .Values.config.output.host }}
Port 24224 Port 24224
@ -420,6 +505,15 @@ fluent-bit:
Send_options true Send_options true
Require_ack_response true Require_ack_response true
[OUTPUT]
Name opentelemetry
Match otel
Host {{ .Values.config.output_otel.host }}
Port 4318
#Metrics_uri /v1/metrics
Traces_uri /v1/traces
#Logs_uri /v1/logs
customParsers: | customParsers: |
[PARSER] [PARSER]
Name cri-log Name cri-log