From 122cf5bd5210583b5cf7b76a9dcdffa17fd62a3d Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Wed, 9 Sep 2020 14:17:02 +0100 Subject: [PATCH] Calico version bump to 3.16.1 --- charts/kubezero-calico/Chart.yaml | 4 +- charts/kubezero-calico/README.md | 5 +- charts/kubezero-calico/crds/crds.yaml | 97 ++++++++- charts/kubezero-calico/templates/calico.yaml | 47 +++-- charts/kubezero-calico/templates/ippool.yaml | 13 -- .../templates/migration-job.yaml | 192 ------------------ charts/kubezero-calico/values.yaml | 9 +- charts/kubezero-logging/README.md | 8 +- 8 files changed, 131 insertions(+), 244 deletions(-) delete mode 100644 charts/kubezero-calico/templates/ippool.yaml delete mode 100644 charts/kubezero-calico/templates/migration-job.yaml diff --git a/charts/kubezero-calico/Chart.yaml b/charts/kubezero-calico/Chart.yaml index 1bd20e0..46adbe1 100644 --- a/charts/kubezero-calico/Chart.yaml +++ b/charts/kubezero-calico/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: kubezero-calico description: KubeZero Umbrella Chart for Calico type: application -version: 0.1.9 -appVersion: 3.15.1 +version: 0.2.0 +appVersion: v3.16.1 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: diff --git a/charts/kubezero-calico/README.md b/charts/kubezero-calico/README.md index 3fea3a1..4d63fa1 100644 --- a/charts/kubezero-calico/README.md +++ b/charts/kubezero-calico/README.md @@ -2,7 +2,7 @@ kubezero-calico =============== KubeZero Umbrella Chart for Calico -Current chart version is `0.1.9` +Current chart version is `0.2.0` Source code can be found [here](https://kubezero.com) 
@@ -38,10 +38,9 @@ The setup is based on the upstream calico-vxlan config from | Key | Type | Default | Description | |-----|------|---------|-------------| -| customIPPool | object | `{}` | | +| image.tag | string | `""` | | | installCRDs | bool | `false` | | | loglevel | string | `"Warning"` | | -| migration | bool | `false` | | | mtu | int | `8941` | | | network | string | `"vxlan"` | | | prometheus | bool | `false` | | diff --git a/charts/kubezero-calico/crds/crds.yaml b/charts/kubezero-calico/crds/crds.yaml index 5a98c2c..da6def4 100644 --- a/charts/kubezero-calico/crds/crds.yaml +++ b/charts/kubezero-calico/crds/crds.yaml @@ -1,4 +1,3 @@ ---- # Source: calico/templates/kdd-crds.yaml @@ -44,6 +43,32 @@ spec: 64512]' format: int32 type: integer + communities: + description: Communities is a list of BGP community values and their + arbitrary names for tagging routes. + items: + description: Community contains standard or large community value + and its name. + properties: + name: + description: Name given to community value. + type: string + value: + description: Value must be of format `aa:nn` or `aa:nn:mm`. + For standard community use `aa:nn` format, where `aa` and + `nn` are 16 bit number. For large community use `aa:nn:mm` + format, where `aa`, `nn` and `mm` are 32 bit number. Where, + `aa` is an AS Number, `nn` and `mm` are per-AS identifier. + pattern: ^(\d+):(\d+)$|^(\d+):(\d+):(\d+)$ + type: string + type: object + type: array + listenPort: + description: ListenPort is the port where BGP protocol should listen. + Defaults to 179 + maximum: 65535 + minimum: 1 + type: integer logSeverityScreen: description: 'LogSeverityScreen is the log severity above which logs are sent to the stdout. [Default: INFO]' 
@@ -52,13 +77,36 @@ spec: description: 'NodeToNodeMeshEnabled sets whether full node to node BGP mesh is enabled. [Default: true]' type: boolean + prefixAdvertisements: + description: PrefixAdvertisements contains per-prefix advertisement + configuration. + items: + description: PrefixAdvertisement configures advertisement properties + for the specified CIDR. + properties: + cidr: + description: CIDR for which properties should be advertised. + type: string + communities: + description: Communities can be list of either community names + already defined in `Specs.Communities` or community value + of format `aa:nn` or `aa:nn:mm`. For standard community use + `aa:nn` format, where `aa` and `nn` are 16 bit number. For + large community use `aa:nn:mm` format, where `aa`, `nn` and + `mm` are 32 bit number. Where,`aa` is an AS Number, `nn` and + `mm` are per-AS identifier. + items: + type: string + type: array + type: object + type: array serviceClusterIPs: description: ServiceClusterIPs are the CIDR blocks from which service cluster IPs are allocated. If specified, Calico will advertise these blocks, as well as any cluster IPs within them. items: - description: ServiceClusterIPBlock represents a single whitelisted - CIDR block for ClusterIPs. + description: ServiceClusterIPBlock represents a single allowed ClusterIP + CIDR block. properties: cidr: type: string @@ -69,8 +117,8 @@ spec: Service External IPs. Kubernetes Service ExternalIPs will only be advertised if they are within one of these blocks. items: - description: ServiceExternalIPBlock represents a single whitelisted - CIDR External IP block. + description: ServiceExternalIPBlock represents a single allowed + External IP CIDR block. properties: cidr: type: string 
@@ -129,6 +177,12 @@ spec: description: The AS Number of the peer. format: int32 type: integer + keepOriginalNextHop: + description: Option to keep the original nexthop field when routes + are sent to a BGP Peer. Setting "true" configures the selected BGP + Peers node to use the "next hop keep;" instead of "next hop self;"(default) + in the specific branch of the Node on "bird.cfg". + type: boolean node: description: The node name identifying the Calico node instance that is peering with this peer. If this is not set, this represents a @@ -139,7 +193,11 @@ spec: this is set, the Node field must be empty. type: string peerIP: - description: The IP address of the peer. + description: The IP address of the peer followed by an optional port + number to peer with. If port number is given, format should be `[]:port` + or `:` for IPv4. If optional port number is not set, + and this peer IP and ASNumber belongs to a calico/node with ListenPort + set in BGPConfiguration, then we use that port to peer. type: string peerSelector: description: Selector for the remote nodes to peer with. When this @@ -338,6 +396,15 @@ spec: spec: description: FelixConfigurationSpec contains the values of the Felix configuration. properties: + awsSrcDstCheck: + description: 'Set source-destination-check on AWS EC2 instances. Accepted + value must be one of "DoNothing", "Enabled" or "Disabled". [Default: + DoNothing]' + enum: + - DoNothing + - Enable + - Disable + type: string bpfConnectTimeLoadBalancingEnabled: description: 'BPFConnectTimeLoadBalancingEnabled when in BPF mode, controls whether Felix installs the connection-time load balancer. The 
@@ -500,6 +567,13 @@ spec: - protocol type: object type: array + featureDetectOverride: + description: FeatureDetectOverride is used to override the feature + detection. Values are specified in a comma separated list with no + spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". + "true" or "false" will force the feature, empty or omitted values + are auto-detected. + type: string genericXDPEnabled: description: 'GenericXDPEnabled enables Generic XDP so network cards that don''t support XDP offload or driver modes can use XDP. This @@ -531,6 +605,11 @@ spec: integrations set the ‘cali’ value, and our OpenStack integration sets the ‘tap’ value. [Default: cali]' type: string + interfaceRefreshInterval: + description: InterfaceRefreshInterval is the period at which Felix + rescans local interfaces to verify their state. The rescan can be + disabled by setting the interval to 0. + type: string ipipEnabled: type: boolean ipipMTU: @@ -802,8 +881,6 @@ spec: Calico''s BPF maps or attached programs. Set to 0 to disable XDP refresh. [Default: 90s]' type: string - required: - - bpfLogLevel type: object type: object served: true @@ -2034,7 +2111,7 @@ spec: type: object ipipMode: description: Contains configuration for IPIP tunneling for this pool. - If not specified, then this is defaulted to "Never" (i.e. IPIP tunelling + If not specified, then this is defaulted to "Never" (i.e. IPIP tunneling is disabled). type: string nat-outgoing: @@ -2054,7 +2131,7 @@ spec: vxlanMode: description: Contains configuration for VXLAN tunneling for this pool. If not specified, then this is defaulted to "Never" (i.e. VXLAN - tunelling is disabled). + tunneling is disabled). type: string required: - cidr diff --git a/charts/kubezero-calico/templates/calico.yaml b/charts/kubezero-calico/templates/calico.yaml index 63c4efc..9946764 100644 --- a/charts/kubezero-calico/templates/calico.yaml +++ b/charts/kubezero-calico/templates/calico.yaml 
@@ -28,6 +28,7 @@ data: { "type": "calico", "log_level": "info", + "log_file_path": "/var/log/calico/cni/cni.log", "datastore_type": "kubernetes", "nodename": "__KUBERNETES_NODE_NAME__", "mtu": __CNI_MTU__, @@ -341,8 +342,13 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: calico/cni:v3.15.1 - command: ["/install-cni.sh"] + image: calico/cni:{{ default .Chart.AppVersion .Values.image.tag }} + command: ["/opt/cni/bin/install"] + envFrom: + - configMapRef: + # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. + name: kubernetes-services-endpoint + optional: true env: # Name of the CNI config file to create. - name: CNI_CONF_NAME @@ -377,7 +383,7 @@ spec: # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes # to communicate with Felix over the Policy Sync API. - name: flexvol-driver - image: calico/pod2daemon-flexvol:v3.15.1 + image: calico/pod2daemon-flexvol:{{ default .Chart.AppVersion .Values.image.tag }} volumeMounts: - name: flexvol-driver-host mountPath: /host/driver @@ -388,7 +394,12 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: calico/node:v3.15.1 + image: calico/node:{{ default .Chart.AppVersion .Values.image.tag }} + envFrom: + - configMapRef: + # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. + name: kubernetes-services-endpoint + optional: true env: # Use Kubernetes API as the backing datastore. - name: DATASTORE_TYPE 
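Review bot: The `envFrom` block added to `install-cni` (and repeated for `calico-node` in the last hunk on this line) lets an optional ConfigMap named `kubernetes-services-endpoint` override `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT`. Whoever can create or edit that ConfigMap in the DaemonSet's namespace therefore chooses the API endpoint these containers connect to, and `calico-node` runs with `privileged: true` further down in this template. The reference is added unconditionally although the comment ties it to eBPF mode and the chart's `network` value defaults to `vxlan`. I would extend the comment at both places, e.g. `# eBPF mode only; this ConfigMap redirects Calico's API server connection, so restrict write access to it.`, and mention the ConfigMap in the README. Both container specs start and end outside these hunks.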
@@ -437,17 +448,14 @@ spec: configMapKeyRef: name: calico-config key: veth_mtu + # Disable AWS source-destination check on nodes. + - name: FELIX_AWSSRCDSTCHECK + value: DoNothing # The default IPv4 pool to create on startup if none exists. Pod IPs will be # chosen from this range. Changing this value after installation will have # no effect. This should fall within `--cluster-cidr`. # - name: CALICO_IPV4POOL_CIDR # value: "192.168.0.0/16" - # Set MTU for the Wireguard tunnel device. - - name: FELIX_WIREGUARDMTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu # Disable file logging so `kubectl logs` works. - name: CALICO_DISABLE_FILE_LOGGING value: "true" @@ -464,12 +472,12 @@ spec: value: "{{ .Values.loglevel }}" - name: FELIX_LOGSEVERITYSYS value: "" - - name: FELIX_HEALTHENABLED - value: "true" - name: FELIX_PROMETHEUSGOMETRICSENABLED value: "{{ .Values.prometheus }}" - name: FELIX_PROMETHEUSMETRICSENABLED value: "{{ .Values.prometheus }}" + - name: FELIX_HEALTHENABLED + value: "true" securityContext: privileged: true resources: @@ -483,14 +491,12 @@ spec: periodSeconds: 10 initialDelaySeconds: 10 failureThreshold: 6 - timeoutSeconds: 3 readinessProbe: exec: command: - /bin/calico-node - -felix-ready periodSeconds: 10 - timeoutSeconds: 3 volumeMounts: - mountPath: /lib/modules name: lib-modules @@ -506,6 +512,13 @@ spec: readOnly: false - name: policysync mountPath: /var/run/nodeagent + # For eBPF mode, we need to be able to mount the BPF filesystem at /sys/fs/bpf so we mount in the + # parent directory. + - name: sysfs + mountPath: /sys/fs/ + # Bidirectional means that, if we mount the BPF filesystem at /sys/fs/bpf it will propagate to the host. + # If the host is known to mount that filesystem already then Bidirectional can be omitted. + mountPropagation: Bidirectional volumes: # Used by calico-node. - name: lib-modules 
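Review bot: The comment on the new `FELIX_AWSSRCDSTCHECK` entry says the AWS source-destination check is disabled, but the value set is `DoNothing`. The CRD text added in this same commit describes that value as the default and lists `Enable` and `Disable` as the other enum values, so as written Felix presumably leaves the instance setting untouched. If that is the intent, the comment should read `# Leave the AWS source-destination check as configured on the instance.`; if disabling was intended, the value would have to be `Disable`, which is a deliberate decision because the node would then change its own EC2 attribute. The hunk also drops `FELIX_WIREGUARDMTU` without a mention in the commit message. The env list continues outside the hunk.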
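Review bot: Removing `timeoutSeconds: 3` from the liveness and readiness probes of `calico-node` leaves both at the Kubernetes default of 1 second. On a loaded node a slow `/bin/calico-node -felix-ready` exec can then fail readiness, and repeated liveness failures up to `failureThreshold: 6` restart the networking agent. If the lines disappeared only because the template was re-synced with the upstream manifest, I would keep `timeoutSeconds: 3` on both probes. The probe definitions start outside the hunk.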
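Review bot: The new `sysfs` volumeMount exposes the host's `/sys/fs/` to the privileged `calico-node` container with `mountPropagation: Bidirectional`, and the matching hostPath volume in the first hunk on the next line uses `type: DirectoryOrCreate`. The added comments say this is needed for eBPF mode, while the chart's `network` value defaults to `vxlan`. With Bidirectional propagation, mounts created by the container under that path appear on the host, so the change widens what this container can affect on every node even where eBPF is not used. I would wrap both the volumeMount and the volume in a chart value that is off by default, or at minimum state in the README that they are unused outside eBPF mode.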
@@ -521,6 +534,10 @@ spec: hostPath: path: /run/xtables.lock type: FileOrCreate + - name: sysfs + hostPath: + path: /sys/fs/ + type: DirectoryOrCreate # Used to install CNI. - name: cni-bin-dir hostPath: @@ -590,7 +607,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: calico/kube-controllers:v3.15.1 + image: calico/kube-controllers:{{ default .Chart.AppVersion .Values.image.tag }} env: # Choose which controllers to run. - name: ENABLED_CONTROLLERS diff --git a/charts/kubezero-calico/templates/ippool.yaml b/charts/kubezero-calico/templates/ippool.yaml deleted file mode 100644 index a3b165a..0000000 --- a/charts/kubezero-calico/templates/ippool.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.customIPPool }} -apiVersion: crd.projectcalico.org/v1 -kind: IPPool -metadata: - name: default-ipv4-ippool -spec: - cidr: 10.244.0.0/16 - blockSize: 26 - ipipMode: Never - natOutgoing: true - nodeSelector: all() - vxlanMode: Always -{{- end }} diff --git a/charts/kubezero-calico/templates/migration-job.yaml b/charts/kubezero-calico/templates/migration-job.yaml deleted file mode 100644 index 73054a2..0000000 --- a/charts/kubezero-calico/templates/migration-job.yaml +++ /dev/null 
@@ -1,192 +0,0 @@ -{{- if .Values.migration }} ---- -# This ConfigMap is used to store Flannel subnet.env content. -kind: ConfigMap -apiVersion: v1 -metadata: - name: flannel-migration-config - namespace: kube-system -data: - # Do not edit! This field is updated by migration controller. - flannel_subnet_env: "" - ---- -# Include a clusterrole for the kube-controllers component, -# and bind it to the flannel-migration-controller serviceaccount. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: flannel-migration-controller -rules: - # Nodes are watched to monitor for deletions. - - apiGroups: [""] - resources: - - nodes - verbs: - - watch - - list - - get - - patch - - update - # Nodes are watched to monitor for deletions. - - apiGroups: [""] - resources: - - nodes/status - verbs: - - get - - update - # Pods are created/deleted. - - apiGroups: [""] - resources: - - pods - verbs: - - get - - list - - create - - delete - # Pods/exec are created. - - apiGroups: [""] - resources: - - pods/exec - verbs: - - create - # Configmaps are updated. - - apiGroups: [""] - resources: - - configmaps - verbs: - - get - - update - - apiGroups: [""] - resources: - - pods/eviction - verbs: - - create - # Daemonset are watched to monitor for deletions. - - apiGroups: ["apps", "extensions"] - resources: - - daemonsets - verbs: - - get - - delete - - update - # IPAM resources are manipulated when nodes are deleted. - - apiGroups: ["crd.projectcalico.org"] - resources: - - ippools - verbs: - - get - - list - - create - - update - - delete - - apiGroups: ["crd.projectcalico.org"] - resources: - - ipamconfigs - - blockaffinities - - ipamblocks - - ipamhandles - verbs: - - get - - list - - create - - update - - delete - # Needs access to update clusterinformations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - clusterinformations - verbs: - - get - - create - - update - # Needs access to update felixconfigurations. 
- - apiGroups: ["crd.projectcalico.org"] - resources: - - felixconfigurations - verbs: - - get - - create - - update ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: flannel-migration-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: flannel-migration-controller -subjects: -- kind: ServiceAccount - name: flannel-migration-controller - namespace: kube-system - ---- -# See https://github.com/projectcalico/kube-controllers -apiVersion: batch/v1 -kind: Job -metadata: - name: flannel-migration - namespace: kube-system - labels: - k8s-app: flannel-migration-controller -spec: - backoffLimit: 10 - template: - metadata: - name: flannel-migration-controller - namespace: kube-system - labels: - k8s-app: flannel-migration-controller - spec: - nodeSelector: - kubernetes.io/os: linux - tolerations: - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - serviceAccountName: flannel-migration-controller - priorityClassName: system-cluster-critical - restartPolicy: OnFailure - containers: - - name: flannel-migration-controller - image: calico/flannel-migration-controller:v3.15.0 - env: - # Choose which controllers to run. - - name: ENABLED_CONTROLLERS - value: flannelmigration - - name: DATASTORE_TYPE - value: kubernetes - - name: FLANNEL_DAEMONSET_NAME - value: canal - - name: FLANNEL_SUBNET_ENV - valueFrom: - configMapKeyRef: - name: flannel-migration-config - key: flannel_subnet_env - - name: POD_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - mountPath: /host/run/flannel/subnet.env - name: flannel-env-file - readinessProbe: - exec: - command: - - /usr/bin/check-status - - -r - volumes: - - name: flannel-env-file - hostPath: - path: /run/flannel/subnet.env - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: flannel-migration-controller - namespace: kube-system -{{- end }} 
diff --git a/charts/kubezero-calico/values.yaml b/charts/kubezero-calico/values.yaml index 5f66b63..04a2979 100644 --- a/charts/kubezero-calico/values.yaml +++ b/charts/kubezero-calico/values.yaml @@ -1,5 +1,8 @@ installCRDs: false +image: + tag: "" + network: vxlan mtu: 8941 @@ -7,9 +10,3 @@ mtu: 8941 loglevel: Warning prometheus: false - -customIPPool: {} - -# Soon to be removed -migration: false - diff --git a/charts/kubezero-logging/README.md b/charts/kubezero-logging/README.md index f0017dd..3e1a2a1 100644 --- a/charts/kubezero-logging/README.md +++ b/charts/kubezero-logging/README.md 
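Review bot: `image.tag` is added without a comment and appears in the README table with an empty description, although this one value selects the tag of all four Calico images (`calico/cni`, `calico/pod2daemon-flexvol`, `calico/node`, `calico/kube-controllers`) through `default .Chart.AppVersion .Values.image.tag` in calico.yaml. I would document it in values.yaml: `# Overrides the tag of all Calico images; empty uses the chart appVersion.` A tag is also the only pin the chart offers for these images, and `calico-node` runs privileged, so allowing a digest to be set would be a sensible follow-up. The second hunk in this file removes `customIPPool` and `migration`; an existing values file that still sets them will be accepted silently, which deserves a line in the chart's upgrade notes.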
@@ -55,9 +55,9 @@ Source code can be found [here](https://kubezero.com) | es.prometheus | bool | `false` | | | es.s3Snapshot.enabled | bool | `false` | | | es.s3Snapshot.iamrole | string | `""` | | -| fluent-bit.config.filters | string | `"[FILTER]\n Name kubernetes\n Match kube.*\n Merge_Log On\n Keep_Log Off\n K8S-Logging.Parser On\n K8S-Logging.Exclude On\n\n[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call dedot\n"` | | +| fluent-bit.config.filters | string | `"[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call reassemble_cri_logs\n\n[FILTER]\n Name kubernetes\n Match kube.*\n Merge_Log On\n Keep_Log Off\n K8S-Logging.Parser On\n K8S-Logging.Exclude On\n\n[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call dedot\n"` | | | fluent-bit.config.inputs | string | `"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n Parser cri\n Tag kube.*\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 10\n DB /var/log/flb_kube.db\n DB.Sync Normal\n[INPUT]\n Name tail\n Path /var/log/kubernetes/audit.log\n Parser json\n Tag kube.api.audit\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 60\n DB /var/log/flb_kube_audit.db\n DB.Sync Normal\n"` | | -| fluent-bit.config.lua | string | `"function dedot(tag, timestamp, record)\n if record[\"kubernetes\"] == nil then\n return 0, 0, 0\n end\n dedot_keys(record[\"kubernetes\"][\"annotations\"])\n dedot_keys(record[\"kubernetes\"][\"labels\"])\n return 1, timestamp, record\nend\n\nfunction dedot_keys(map)\n if map == nil then\n return\n end\n local new_map = {}\n local changed_keys = {}\n for k, v in pairs(map) do\n local dedotted = string.gsub(k, \"%.\", \"_\")\n if dedotted ~= k then\n new_map[dedotted] = v\n changed_keys[k] = true\n end\n end\n for k in pairs(changed_keys) do\n map[k] = nil\n end\n for k, v in pairs(new_map) do\n map[k] = v\n end\nend\n"` | | +| fluent-bit.config.lua | string | `"function dedot(tag, 
timestamp, record)\n if record[\"kubernetes\"] == nil then\n return 0, 0, 0\n end\n dedot_keys(record[\"kubernetes\"][\"annotations\"])\n dedot_keys(record[\"kubernetes\"][\"labels\"])\n return 1, timestamp, record\nend\n\nfunction dedot_keys(map)\n if map == nil then\n return\n end\n local new_map = {}\n local changed_keys = {}\n for k, v in pairs(map) do\n local dedotted = string.gsub(k, \"%.\", \"_\")\n if dedotted ~= k then\n new_map[dedotted] = v\n changed_keys[k] = true\n end\n end\n for k in pairs(changed_keys) do\n map[k] = nil\n end\n for k, v in pairs(new_map) do\n map[k] = v\n end\nend\n\nlocal reassemble_state = {}\n\nfunction reassemble_cri_logs(tag, timestamp, record)\n -- IMPORTANT: reassemble_key must be unique for each parser stream\n -- otherwise entries from different sources will get mixed up.\n -- Either make sure that your parser tags satisfy this or construct\n -- reassemble_key some other way\n local reassemble_key = tag\n -- if partial line, accumulate\n if record.logtag == 'P' then\n reassemble_state[reassemble_key] = reassemble_state[reassemble_key] or \"\" .. record.message\n return -1, 0, 0\n end\n -- otherwise it's a full line, concatenate with accumulated partial lines if any\n record.message = reassemble_state[reassemble_key] or \"\" .. (record.message or \"\")\n reassemble_state[reassemble_key] = nil\n return 1, timestamp, record\nend\n"` | | | fluent-bit.config.outputs | string | `"[OUTPUT]\n Match *\n Name forward\n Host logging-fluentd\n Port 24224\n tls on\n tls.verify off\n Shared_Key cloudbender\n"` | | | fluent-bit.config.service | string | `"[SERVICE]\n Flush 5\n Daemon Off\n Log_Level warn\n Parsers_File parsers.conf\n Parsers_File custom_parsers.conf\n HTTP_Server On\n HTTP_Listen 0.0.0.0\n HTTP_Port 2020\n"` | | | fluent-bit.enabled | bool | `false` | | 
@@ -67,6 +67,7 @@ Source code can be found [here](https://kubezero.com) | fluent-bit.test.enabled | bool | `false` | | | fluent-bit.tolerations[0].effect | string | `"NoSchedule"` | | | fluent-bit.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | +| fluentd.configMaps."filter.conf" | string | `"\n @type parser\n key_name message\n remove_key_name_field true\n reserve_data true\n emit_invalid_record_to_error false\n \n @type json\n \n\n"` | | | fluentd.configMaps."forward-input.conf" | string | `"\n @type forward\n port 24224\n bind 0.0.0.0\n skip_invalid_event true\n \n cert_path /mnt/fluentd-certs/tls.crt\n private_key_path /mnt/fluentd-certs/tls.key\n \n \n self_hostname \"#{ENV['HOSTNAME']}\"\n shared_key \"#{ENV['FLUENTD_SHARED_KEY']}\"\n \n\n"` | | | fluentd.configMaps."output.conf" | string | `"\n @id elasticsearch\n @type elasticsearch\n @log_level info\n include_tag_key true\n id_key id\n remove_keys id\n\n # KubeZero pipeline incl. GeoIP etc.\n # Freaking ES jams under load and all is lost ...\n # pipeline fluentd\n\n host \"#{ENV['OUTPUT_HOST']}\"\n port \"#{ENV['OUTPUT_PORT']}\"\n scheme \"#{ENV['OUTPUT_SCHEME']}\"\n ssl_version \"#{ENV['OUTPUT_SSL_VERSION']}\"\n ssl_verify \"#{ENV['OUTPUT_SSL_VERIFY']}\"\n user \"#{ENV['OUTPUT_USER']}\"\n password \"#{ENV['OUTPUT_PASSWORD']}\"\n\n log_es_400_reason\n logstash_format true\n reconnect_on_error true\n # reload_on_failure true\n request_timeout 15s\n suppress_type_name true\n\n \n @type file\n path /var/log/fluentd-buffers/kubernetes.system.buffer\n flush_mode interval\n flush_thread_count 2\n flush_interval 30s\n flush_at_shutdown true\n retry_type exponential_backoff\n retry_timeout 60m\n chunk_limit_size 16M\n overflow_action drop_oldest_chunk\n \n\n"` | | | fluentd.enabled | bool | `false` | | 
@@ -84,7 +85,7 @@ Source code can be found [here](https://kubezero.com) | fluentd.extraVolumes[0].name | string | `"fluentd-certs"` | | | fluentd.extraVolumes[0].secret.secretName | string | `"fluentd-certificate"` | | | fluentd.image.repository | string | `"quay.io/fluentd_elasticsearch/fluentd"` | | -| fluentd.image.tag | string | `"v2.9.0"` | | +| fluentd.image.tag | string | `"v3.0.4"` | | | fluentd.istio.enabled | bool | `false` | | | fluentd.metrics.enabled | bool | `false` | | | fluentd.metrics.serviceMonitor.additionalLabels.release | string | `"metrics"` | | @@ -111,3 +112,4 @@ Source code can be found [here](https://kubezero.com) - https://www.elastic.co/downloads/elastic-cloud-kubernetes - https://github.com/elastic/cloud-on-k8s +- https://grafana.com/grafana/dashboards/7752