feat: WIP telemetry pipeline now incl. fluent-bit and otel

Stefan Reimer 2024-07-12 13:36:28 +00:00
parent 9c888dc99c
commit f1f196c860
18 changed files with 319 additions and 80 deletions


@ -1,6 +1,6 @@
# kubezero-operators
![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
Various operators supported by KubeZero
@ -19,8 +19,8 @@ Kubernetes: `>= 1.26.0`
| Repository | Name | Version |
|------------|------|---------|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
| https://helm.elastic.co | eck-operator | 2.12.1 |
| https://opensearch-project.github.io/opensearch-k8s-operator/ | opensearch-operator | 2.6.0 |
| https://helm.elastic.co | eck-operator | 2.13.0 |
| https://opensearch-project.github.io/opensearch-k8s-operator/ | opensearch-operator | 2.6.1 |
## Values


@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 2.12.1
appVersion: 2.13.0
description: Elastic Cloud on Kubernetes (ECK) operator
home: https://github.com/elastic/cloud-on-k8s
icon: https://helm.elastic.co/icons/eck.png
@ -18,4 +18,4 @@ maintainers:
name: Elastic
name: eck-operator
type: application
version: 2.12.1
version: 2.13.0


@ -5,12 +5,13 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1'
helm.sh/chart: 'eck-operator-crds-2.12.1'
app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.13.0'
name: agents.agent.k8s.elastic.co
spec:
group: agent.k8s.elastic.co
@ -245,7 +246,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -280,7 +282,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -725,7 +728,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -1132,12 +1136,13 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1'
helm.sh/chart: 'eck-operator-crds-2.12.1'
app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.13.0'
name: apmservers.apm.k8s.elastic.co
spec:
group: apm.k8s.elastic.co
@ -1219,7 +1224,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -1663,7 +1669,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -2352,12 +2359,13 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1'
helm.sh/chart: 'eck-operator-crds-2.12.1'
app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.13.0'
name: beats.beat.k8s.elastic.co
spec:
group: beat.k8s.elastic.co
@ -2592,7 +2600,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -2626,7 +2635,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -2670,7 +2680,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -2710,7 +2721,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -2836,12 +2848,13 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1'
helm.sh/chart: 'eck-operator-crds-2.12.1'
app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.13.0'
name: elasticmapsservers.maps.k8s.elastic.co
spec:
group: maps.k8s.elastic.co
@ -2935,7 +2948,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -3433,12 +3447,13 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1'
helm.sh/chart: 'eck-operator-crds-2.12.1'
app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.13.0'
name: elasticsearchautoscalers.autoscaling.k8s.elastic.co
spec:
group: autoscaling.k8s.elastic.co
@ -3790,12 +3805,13 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1'
helm.sh/chart: 'eck-operator-crds-2.12.1'
app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.13.0'
name: elasticsearches.elasticsearch.k8s.elastic.co
spec:
group: elasticsearch.k8s.elastic.co
@ -3859,6 +3875,10 @@ spec:
description: Auth contains user authentication and authorization security
settings for Elasticsearch.
properties:
disableElasticUser:
description: DisableElasticUser disables the default elastic user
that is created by ECK.
type: boolean
fileRealm:
description: FileRealm to propagate to the Elasticsearch cluster.
items:
@ -4330,7 +4350,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -4370,7 +4391,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -6500,12 +6522,13 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1'
helm.sh/chart: 'eck-operator-crds-2.12.1'
app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.13.0'
name: enterprisesearches.enterprisesearch.k8s.elastic.co
spec:
group: enterprisesearch.k8s.elastic.co
@ -6598,7 +6621,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -7170,7 +7194,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -7654,12 +7679,13 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1'
helm.sh/chart: 'eck-operator-crds-2.12.1'
app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.13.0'
name: kibanas.kibana.k8s.elastic.co
spec:
group: kibana.k8s.elastic.co
@ -7741,7 +7767,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -7771,7 +7798,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -8229,7 +8257,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -8269,7 +8298,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -8952,12 +8982,13 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1'
helm.sh/chart: 'eck-operator-crds-2.12.1'
app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.13.0'
name: logstashes.logstash.k8s.elastic.co
spec:
group: logstash.k8s.elastic.co
@ -9063,7 +9094,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -9112,7 +9144,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -9152,7 +9185,8 @@ spec:
- `url`: the URL to reach the Elastic resource
- `username`: the username of the user to be authenticated to the Elastic resource
- `password`: the password of the user to be authenticated to the Elastic resource
- `ca.crt`: the CA certificate in PEM format (optional).
- `ca.crt`: the CA certificate in PEM format (optional)
- `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
This field cannot be used in combination with the other fields name, namespace or serviceName.
type: string
serviceName:
@ -10172,12 +10206,13 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: 'logging'
app.kubernetes.io/managed-by: 'Helm'
app.kubernetes.io/name: 'eck-operator-crds'
app.kubernetes.io/version: '2.12.1'
helm.sh/chart: 'eck-operator-crds-2.12.1'
app.kubernetes.io/version: '2.13.0'
helm.sh/chart: 'eck-operator-crds-2.13.0'
name: stackconfigpolicies.stackconfigpolicy.k8s.elastic.co
spec:
group: stackconfigpolicy.k8s.elastic.co


@ -0,0 +1,29 @@
automountServiceAccountToken: false
serviceAccount:
automountServiceAccountToken: false
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: serviceaccount-token
readOnly: true
volumes:
- name: serviceaccount-token
projected:
defaultMode: 0444
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
name: kube-root-ca.crt
items:
- key: ca.crt
path: ca.crt
- downwardAPI:
items:
- path: namespace
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
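Review bot: `defaultMode: 0444` on the projected `serviceaccount-token` volume only means "read-only for everyone" when the loader treats a leading-zero integer as octal (YAML 1.1 behaviour). A loader that follows YAML 1.2 reads it as decimal 444, which is octal 0674 and still inside the range Kubernetes accepts, so the token files would get a group-writable mode without any error. Writing the decimal value with the octal in a comment removes the dependency on the parser: `defaultMode: 292  # 0444`.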


@ -96,6 +96,8 @@ Determine the name for the webhook secret
{{- define "eck-operator.webhookSecretName" -}}
{{- if .Values.global.manifestGen -}}
elastic-webhook-server-cert
{{- else if .Values.webhook.certsSecret -}}
{{- .Values.webhook.certsSecret }}
{{- else -}}
{{- $name := include "eck-operator.name" . -}}
{{ printf "%s-webhook-cert" $name | trunc 63 }}


@ -79,6 +79,6 @@ data:
{{- if not .Values.config.containerSuffix }}
ubi-only: {{ .Values.config.ubiOnly }}
{{- end }}
{{- with .Values.webhook.secret }}
{{- with .Values.webhook.certsSecret }}
webhook-secret: {{ . }}
{{- end }}


@ -2,6 +2,7 @@
---
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ include "eck-operator.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}


@ -5,8 +5,15 @@ kind: StatefulSet
metadata:
name: {{ include "eck-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- with .Values.statefulsetAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "eck-operator.labels" . | nindent 4 }}
{{- with .Values.statefulsetLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
@ -31,6 +38,7 @@ spec:
spec:
terminationGracePeriodSeconds: 10
serviceAccountName: {{ include "eck-operator.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
@ -121,11 +129,16 @@ spec:
- "--tls-cert-file=/tls/tls.crt"
- "--tls-private-key-file=/tls/tls.key"
{{- end }}
{{- if .Values.config.metrics.secureMode.tls.certificateSecret }}
{{- if or .Values.config.metrics.secureMode.tls.certificateSecret .Values.config.metrics.secureMode.volumeMounts }}
volumeMounts:
- mountPath: "/tls"
name: tls-certificate
readOnly: true
{{- with .Values.config.metrics.secureMode.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.config.metrics.secureMode.tls.certificateSecret }}
- mountPath: "/tls"
name: tls-certificate
readOnly: true
{{- end }}
{{- end }}
ports:
- containerPort: {{ $metricsPort }}
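Review bot: When the pod-level `automountServiceAccountToken` renders as `false`, the metrics sidecar in the last hunk gets a token only if `config.metrics.secureMode.volumeMounts` is filled in separately, because the operator container's own `volumeMounts` are not shared with it. That sidecar (kube-rbac-proxy, per the values comment) presumably still needs API credentials for its authentication and authorization checks, so secure metrics would likely break in that combination without a clear error. I would add a template comment above the `or` condition, e.g. `{{- /* with automountServiceAccountToken=false the projected serviceaccount-token mount must be repeated in secureMode.volumeMounts */}}`, or a `fail` guard for secure mode enabled with automount disabled and an empty `volumeMounts` list. The container definition starts outside the hunk, so the secure-mode condition that wraps it is not visible here.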


@ -40,6 +40,12 @@ resources:
cpu: 100m
memory: 150Mi
# statefulsetAnnotations define the annotations that should be added to the operator StatefulSet.
statefulsetAnnotations: {}
# statefulsetLabels define additional labels that should be added to the operator StatefulSet.
statefulsetLabels: {}
# podAnnotations define the annotations that should be added to the operator pod.
podAnnotations: {}
@ -87,9 +93,14 @@ volumes: []
# createClusterScopedResources determines whether cluster-scoped resources (ClusterRoles, ClusterRoleBindings) should be created.
createClusterScopedResources: true
# Automount API credentials for the Service Account into the pod.
automountServiceAccountToken: true
serviceAccount:
# create specifies whether a service account should be created for the operator.
create: true
# Specifies whether a service account should automount API credentials.
automountServiceAccountToken: true
# annotations to add to the service account
annotations: {}
# name of the service account to use. If not set and create is true, a name is generated using the fullname template.
@ -129,7 +140,7 @@ webhook:
# port is the port that the validating webhook binds to.
port: 9443
# secret specifies the Kubernetes secret to be mounted into the path designated by the certsDir value to be used for webhook certificates.
secret: ""
certsSecret: ""
# hostNetwork allows a Pod to use the Node network namespace.
# This is required to allow for communication with the kube API when using some alternate CNIs in conjunction with webhook enabled.
@ -188,6 +199,8 @@ config:
# serviceMonitorNamespaceSelector: {}
# serviceMonitorSelectorNilUsesHelmValues: false
enabled: false
# additional volume mounts for the kube-rbac-proxy container.
volumeMounts: []
tls:
# certificateSecret is the name of the tls secret containing the custom TLS certificate and key for the secure metrics endpoint.
#
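Review bot: The rename of `webhook.secret` to `webhook.certsSecret` in the `webhook:` hunk is silent for existing overrides. A values file that still sets `webhook.secret` is ignored: the `webhook-secret` ConfigMap entry is no longer rendered, and unless `global.manifestGen` is set, `eck-operator.webhookSecretName` falls through to the generated `<name>-webhook-cert`, so the operator would stop using the certificate secret the deployer chose. The comment above the key was left as `# secret specifies …` and should start with `# certsSecret specifies …`. A `fail` in the helper when the old key is non-empty would turn the silent fallback into a render error.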


@ -1,6 +1,6 @@
# kubezero-telemetry
![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
![Version: 0.3.3](https://img.shields.io/badge/Version-0.3.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc.
@ -19,10 +19,10 @@ Kubernetes: `>= 1.26.0`
| Repository | Name | Version |
|------------|------|---------|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
| https://fluent.github.io/helm-charts | fluent-bit | 0.46.2 |
| https://fluent.github.io/helm-charts | fluent-bit | 0.47.1 |
| https://fluent.github.io/helm-charts | fluentd | 0.5.2 |
| https://jaegertracing.github.io/helm-charts | jaeger | 3.0.8 |
| https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector | 0.92.0 |
| https://jaegertracing.github.io/helm-charts | jaeger | 3.1.1 |
| https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector | 0.97.1 |
## Values
@ -100,6 +100,7 @@ Kubernetes: `>= 1.26.0`
| fluentd.volumes[0].secret.items[0].path | string | `"ca.crt"` | |
| fluentd.volumes[0].secret.secretName | string | `"telemetry-nodes-http-tls"` | |
| jaeger.agent.enabled | bool | `false` | |
| jaeger.collector.enabled | bool | `false` | |
| jaeger.collector.extraEnv[0].name | string | `"ES_TAGS_AS_FIELDS_ALL"` | |
| jaeger.collector.extraEnv[0].value | string | `"true"` | |
| jaeger.collector.service.otlp.grpc.name | string | `"otlp-grpc"` | |
@ -128,9 +129,41 @@ Kubernetes: `>= 1.26.0`
| opensearch.dashboard.istio.url | string | `"telemetry-dashboard.example.com"` | |
| opensearch.nodeSets | list | `[]` | |
| opensearch.prometheus | bool | `false` | |
| opensearch.version | string | `"2.14.0"` | |
| opensearch.version | string | `"2.15.0"` | |
| opentelemetry-collector.config.exporters.opensearch/trace.http.auth.authenticator | string | `"basicauth/client"` | |
| opentelemetry-collector.config.exporters.opensearch/trace.http.endpoint | string | `"https://telemetry:9200"` | |
| opentelemetry-collector.config.exporters.opensearch/trace.http.tls.insecure | bool | `false` | |
| opentelemetry-collector.config.exporters.opensearch/trace.http.tls.insecure_skip_verify | bool | `true` | |
| opentelemetry-collector.config.extensions.basicauth/client.client_auth.password | string | `"admin"` | |
| opentelemetry-collector.config.extensions.basicauth/client.client_auth.username | string | `"admin"` | |
| opentelemetry-collector.config.extensions.health_check.endpoint | string | `"${env:MY_POD_IP}:13133"` | |
| opentelemetry-collector.config.extensions.memory_ballast | object | `{}` | |
| opentelemetry-collector.config.processors.batch | object | `{}` | |
| opentelemetry-collector.config.processors.memory_limiter | string | `nil` | |
| opentelemetry-collector.config.receivers.jaeger | string | `nil` | |
| opentelemetry-collector.config.receivers.otlp.protocols.grpc.endpoint | string | `"${env:MY_POD_IP}:4317"` | |
| opentelemetry-collector.config.receivers.otlp.protocols.http.endpoint | string | `"${env:MY_POD_IP}:4318"` | |
| opentelemetry-collector.config.receivers.zipkin | string | `nil` | |
| opentelemetry-collector.config.service.extensions[0] | string | `"health_check"` | |
| opentelemetry-collector.config.service.extensions[1] | string | `"memory_ballast"` | |
| opentelemetry-collector.config.service.extensions[2] | string | `"basicauth/client"` | |
| opentelemetry-collector.config.service.pipelines.logs | string | `nil` | |
| opentelemetry-collector.config.service.pipelines.metrics | string | `nil` | |
| opentelemetry-collector.config.service.pipelines.traces.exporters[0] | string | `"opensearch/trace"` | |
| opentelemetry-collector.config.service.pipelines.traces.processors[0] | string | `"memory_limiter"` | |
| opentelemetry-collector.config.service.pipelines.traces.processors[1] | string | `"batch"` | |
| opentelemetry-collector.config.service.pipelines.traces.receivers[0] | string | `"otlp"` | |
| opentelemetry-collector.config.service.telemetry.metrics.address | string | `"${env:MY_POD_IP}:8888"` | |
| opentelemetry-collector.enabled | bool | `false` | |
| opentelemetry-collector.image.repository | string | `"otel/opentelemetry-collector-contrib"` | |
| opentelemetry-collector.mode | string | `"deployment"` | |
| opentelemetry-collector.podDisruptionBudget.enabled | bool | `false` | |
| opentelemetry-collector.ports.jaeger-compact.enabled | bool | `false` | |
| opentelemetry-collector.ports.jaeger-grpc.enabled | bool | `false` | |
| opentelemetry-collector.ports.jaeger-thrift.enabled | bool | `false` | |
| opentelemetry-collector.ports.metrics.enabled | bool | `true` | |
| opentelemetry-collector.ports.zipkin.enabled | bool | `false` | |
| opentelemetry-collector.serviceMonitor.enabled | bool | `false` | |
## Resources
- https://opensearch.org/docs/latest/dashboards/branding/#condensed-header


@ -1,9 +1,9 @@
annotations:
artifacthub.io/changes: |
- kind: changed
description: "Updated _Fluent Bit_ OCI image to [v3.0.2](https://github.com/fluent/fluent-bit/releases/tag/v3.0.2)."
description: "Updated Fluent Bit OCI image to v3.1.1."
apiVersion: v1
appVersion: 3.0.2
appVersion: 3.1.1
description: Fast and lightweight log processor and forwarder or Linux, OSX and BSD
family operating systems.
home: https://fluentbit.io/
@ -24,4 +24,4 @@ maintainers:
name: fluent-bit
sources:
- https://github.com/fluent/fluent-bit/
version: 0.46.2
version: 0.47.1


@ -1559,7 +1559,7 @@
},
"timezone": "",
"title": "{{ include "fluent-bit.fullname" . }}",
"uid": "d557c8f6-cac1-445f-8ade-4c351a9076b1",
"uid": null,
"version": 7,
"weekStart": ""
}


@ -119,7 +119,11 @@ containers:
{{- end }}
{{- end }}
{{- if .Values.extraContainers }}
{{- toYaml .Values.extraContainers | nindent 2 }}
{{- if kindIs "string" .Values.extraContainers }}
{{- tpl .Values.extraContainers $ | nindent 2 }}
{{- else }}
{{- toYaml .Values.extraContainers | nindent 2 }}
{{- end -}}
{{- end }}
volumes:
- name: config


@ -17,6 +17,9 @@ spec:
{{- if and (eq .Values.service.type "ClusterIP") (.Values.service.clusterIP) }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if .Values.service.externalIPs }}
externalIPs: {{- toYaml .Values.service.externalIPs | nindent 4 }}
{{- end }}
{{- if (eq .Values.kind "DaemonSet") }}
{{- with .Values.service.internalTrafficPolicy }}
internalTrafficPolicy: {{ . }}
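Review bot: `service.externalIPs` is copied straight into the Service spec, and once set, kube-proxy on every node routes traffic arriving for those addresses to this Service whether or not the cluster actually owns them. Many clusters therefore reject the field with the `DenyServiceExternalIPs` admission plugin or a policy rule. The default `[]` keeps it off, but the values entry carries only a commented example. A comment in the values file such as `# externalIPs makes every node route traffic for these IPs to the service; leave empty unless the addresses are owned by and routed to the cluster` would make the exposure explicit. The `spec:` block starts outside the hunk.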


@ -101,6 +101,10 @@ service:
# prometheus.io/path: "/api/v1/metrics/prometheus"
# prometheus.io/port: "2020"
# prometheus.io/scrape: "true"
externalIPs: []
# externalIPs:
# - 2.2.2.2
serviceMonitor:
enabled: false
@ -314,11 +318,21 @@ envWithTpl: []
envFrom: []
# This supports either a structured array or a templatable string
extraContainers: []
# Array mode
# extraContainers:
# - name: do-something
# image: busybox
# command: ['do', 'something']
# String mode
# extraContainers: |-
# - name: do-something
# image: bitnami/kubectl:{{ .Capabilities.KubeVersion.Major }}.{{ .Capabilities.KubeVersion.Minor }}
# command: ['kubectl', 'version']
flush: 1
metricsPort: 2020


@ -3,11 +3,11 @@ gzip: true
folder: Telemetry
#condition: '.Values.telemetry.metrics.enabled'
dashboards:
- name: jaeger
url: https://grafana.com/api/dashboards/10001/revisions/2/download
tags:
- Jaeger
- Telemetry
#- name: jaeger
# url: https://grafana.com/api/dashboards/10001/revisions/2/download
# tags:
# - Jaeger
# - Telemetry
- name: opensearch
url: https://grafana.com/api/dashboards/15178/revisions/2/download
tags:

File diff suppressed because one or more lines are too long


@ -3,6 +3,74 @@ opentelemetry-collector:
mode: deployment
image:
repository: "otel/opentelemetry-collector-contrib"
config:
extensions:
health_check:
endpoint: ${env:MY_POD_IP}:13133
memory_ballast: {}
exporters:
otlp/jaeger:
endpoint: telemetry-jaeger-collector:4317
tls:
insecure: true
processors:
batch: {}
# If set to null, will be overridden with values based on k8s resource limits
memory_limiter: null
receivers:
jaeger: null
zipkin: null
otlp:
protocols:
grpc:
endpoint: ${env:MY_POD_IP}:4317
http:
endpoint: ${env:MY_POD_IP}:4318
service:
telemetry:
metrics:
address: ${env:MY_POD_IP}:8888
extensions:
- health_check
- memory_ballast
pipelines:
metrics: null
logs: null
traces:
exporters:
- otlp/jaeger
processors:
- memory_limiter
- batch
receivers:
- otlp
ports:
jaeger-compact:
enabled: false
jaeger-thrift:
enabled: false
jaeger-grpc:
enabled: false
zipkin:
enabled: false
metrics:
enabled: true
serviceMonitor:
enabled: false
podDisruptionBudget:
enabled: false
# minAvailable: 2
# maxUnavailable: 1
jaeger:
enabled: false
@ -15,12 +83,12 @@ jaeger:
grpc:
name: otlp-grpc
port: 4317
http:
name: otlp-http
port: 4318
extraEnv:
- name: ES_TAGS_AS_FIELDS_ALL
value: "true"
# http:
# name: otlp-http
# port: 4318
#extraEnv:
# - name: ES_TAGS_AS_FIELDS_ALL
# value: "true"
serviceMonitor:
enabled: false
@ -52,7 +120,7 @@ jaeger:
url: jaeger.example.com
opensearch:
version: 2.14.0
version: 2.15.0
prometheus: false
# custom cluster settings
@ -302,6 +370,15 @@ fluent-bit:
testFramework:
enabled: false
service:
internalTrafficPolicy: Local
extraPorts:
- name: otel
port: 4318
containerPort: 4318
protocol: TCP
serviceMonitor:
enabled: false
@ -327,6 +404,9 @@ fluent-bit:
sharedKey: secretref+k8s://v1/Secret/kube-system/kubezero-secrets/telemetry.fluentd.source.sharedKey
tls: false
output_otel:
host: telemetry-opentelemetry-collector
input:
memBufLimit: 16MB
refreshInterval: 5
@ -353,6 +433,7 @@ fluent-bit:
Name tail
Path /var/log/containers/*.log
# Exclude ourselves to current error spam, https://github.com/fluent/fluent-bit/issues/5769
# Todo: Rather limit / filter spam message than exclude all together -> ideally locally, next dataprepper
Exclude_Path *logging-fluent-bit*
multiline.parser cri
Tag cri.*
@ -363,10 +444,14 @@ fluent-bit:
DB.locking true
# Buffer_Max_Size 1M
{{- with .Values.config.input }}
Mem_Buf_Limit {{ default "16MB" .memBufLimit }}
Refresh_Interval {{ default 5 .refreshInterval }}
Mem_Buf_Limit {{ .memBufLimit }}
Refresh_Interval {{ .refreshInterval }}
{{- end }}
[INPUT]
Name opentelemetry
Tag otel
filters: |
[FILTER]
Name parser
@ -411,7 +496,7 @@ fluent-bit:
outputs: |
[OUTPUT]
Match *
Match kube.*
Name forward
Host {{ .Values.config.output.host }}
Port 24224
@ -420,6 +505,15 @@ fluent-bit:
Send_options true
Require_ack_response true
[OUTPUT]
Name opentelemetry
Match otel
Host {{ .Values.config.output_otel.host }}
Port 4318
#Metrics_uri /v1/metrics
Traces_uri /v1/traces
#Logs_uri /v1/logs
customParsers: |
[PARSER]
Name cri-log
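Review bot: The new OTLP path moves traces in cleartext and takes them in without any authentication. In the `@ -3,6 +3,74 @` hunk the `otlp/jaeger` exporter sets `tls.insecure: true`; in the `@ -363,10 +444,14 @` and `@ -420,6 +505,15 @` hunks the fluent-bit `opentelemetry` input and output configure no `tls` options, and the `service.extraPorts` entry in `@ -302,6 +370,15 @` exposes 4318 on the Service. Unless a NetworkPolicy or mesh outside this file restricts it, any workload that can reach that Service can presumably submit spans, and the spans are readable on the pod network. As the commit is marked WIP, I would at least record the decision next to the exporter, e.g. `# TODO: plaintext OTLP, in-cluster only - enable TLS once the collector has certificates`, and later set `tls on` and `tls.verify on` on the fluent-bit `opentelemetry` output. The file may continue beyond the last visible line.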