From 1706e2b9b7711cc748f1971f7b84d1e119873cde Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Fri, 12 Jul 2024 13:36:28 +0000 Subject: [PATCH] feat: WIP telemetry pipeline now incl. fluent-bit and otel --- charts/kubezero-operators/README.md | 6 +- .../charts/eck-operator/Chart.yaml | 4 +- .../charts/eck-operator/crds/all-crds.yaml | 117 ++++++++++++------ .../profile-disable-automounting-api.yaml | 29 +++++ .../eck-operator/templates/_helpers.tpl | 2 + .../eck-operator/templates/configmap.yaml | 2 +- .../templates/service-account.yaml | 1 + .../eck-operator/templates/statefulset.yaml | 21 +++- .../charts/eck-operator/values.yaml | 15 ++- charts/kubezero-telemetry/README.md | 43 ++++++- .../charts/fluent-bit/Chart.yaml | 6 +- .../fluent-bit/dashboards/fluent-bit.json | 4 +- .../charts/fluent-bit/templates/_pod.tpl | 6 +- .../charts/fluent-bit/templates/service.yaml | 3 + .../charts/fluent-bit/values.yaml | 14 +++ charts/kubezero-telemetry/dashboards.yaml | 10 +- .../templates/grafana-dashboards.yaml | 2 - charts/kubezero-telemetry/values.yaml | 114 +++++++++++++++-- 18 files changed, 319 insertions(+), 80 deletions(-) create mode 100644 charts/kubezero-operators/charts/eck-operator/profile-disable-automounting-api.yaml diff --git a/charts/kubezero-operators/README.md b/charts/kubezero-operators/README.md index e637d9ff..b4754a75 100644 --- a/charts/kubezero-operators/README.md +++ b/charts/kubezero-operators/README.md @@ -1,6 +1,6 @@ # kubezero-operators -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) Various operators supported by KubeZero @@ -19,8 +19,8 @@ Kubernetes: `>= 1.26.0` | Repository | Name | Version | |------------|------|---------| | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://helm.elastic.co | eck-operator | 2.12.1 | -| https://opensearch-project.github.io/opensearch-k8s-operator/ | opensearch-operator | 2.6.0 | +| https://helm.elastic.co | eck-operator | 2.13.0 | +| https://opensearch-project.github.io/opensearch-k8s-operator/ | opensearch-operator | 2.6.1 | ## Values diff --git a/charts/kubezero-operators/charts/eck-operator/Chart.yaml b/charts/kubezero-operators/charts/eck-operator/Chart.yaml index 6b261018..774c48f4 100644 --- a/charts/kubezero-operators/charts/eck-operator/Chart.yaml +++ b/charts/kubezero-operators/charts/eck-operator/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.12.1 +appVersion: 2.13.0 description: Elastic Cloud on Kubernetes (ECK) operator home: https://github.com/elastic/cloud-on-k8s icon: https://helm.elastic.co/icons/eck.png @@ -18,4 +18,4 @@ maintainers: name: Elastic name: eck-operator type: application -version: 2.12.1 +version: 2.13.0 diff --git a/charts/kubezero-operators/charts/eck-operator/crds/all-crds.yaml b/charts/kubezero-operators/charts/eck-operator/crds/all-crds.yaml index ffe87cc7..88bc7ee0 100644 --- a/charts/kubezero-operators/charts/eck-operator/crds/all-crds.yaml +++ b/charts/kubezero-operators/charts/eck-operator/crds/all-crds.yaml @@ -5,12 +5,13 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.12.1' - helm.sh/chart: 'eck-operator-crds-2.12.1' + app.kubernetes.io/version: '2.13.0' + helm.sh/chart: 'eck-operator-crds-2.13.0' name: agents.agent.k8s.elastic.co spec: group: agent.k8s.elastic.co @@ -245,7 +246,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -280,7 +282,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -725,7 +728,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -1132,12 +1136,13 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.12.1' - helm.sh/chart: 'eck-operator-crds-2.12.1' + app.kubernetes.io/version: '2.13.0' + helm.sh/chart: 'eck-operator-crds-2.13.0' name: apmservers.apm.k8s.elastic.co spec: group: apm.k8s.elastic.co @@ -1219,7 +1224,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -1663,7 +1669,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -2352,12 +2359,13 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.12.1' - helm.sh/chart: 'eck-operator-crds-2.12.1' + app.kubernetes.io/version: '2.13.0' + helm.sh/chart: 'eck-operator-crds-2.13.0' name: beats.beat.k8s.elastic.co spec: group: beat.k8s.elastic.co @@ -2592,7 +2600,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -2626,7 +2635,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -2670,7 +2680,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -2710,7 +2721,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -2836,12 +2848,13 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.12.1' - helm.sh/chart: 'eck-operator-crds-2.12.1' + app.kubernetes.io/version: '2.13.0' + helm.sh/chart: 'eck-operator-crds-2.13.0' name: elasticmapsservers.maps.k8s.elastic.co spec: group: maps.k8s.elastic.co @@ -2935,7 +2948,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -3433,12 +3447,13 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.12.1' - helm.sh/chart: 'eck-operator-crds-2.12.1' + app.kubernetes.io/version: '2.13.0' + helm.sh/chart: 'eck-operator-crds-2.13.0' name: elasticsearchautoscalers.autoscaling.k8s.elastic.co spec: group: autoscaling.k8s.elastic.co @@ -3790,12 +3805,13 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.12.1' - helm.sh/chart: 'eck-operator-crds-2.12.1' + app.kubernetes.io/version: '2.13.0' + helm.sh/chart: 'eck-operator-crds-2.13.0' name: elasticsearches.elasticsearch.k8s.elastic.co spec: group: elasticsearch.k8s.elastic.co @@ -3859,6 +3875,10 @@ spec: description: Auth contains user authentication and authorization security settings for Elasticsearch. properties: + disableElasticUser: + description: DisableElasticUser disables the default elastic user + that is created by ECK. + type: boolean fileRealm: description: FileRealm to propagate to the Elasticsearch cluster. items: @@ -4330,7 +4350,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -4370,7 +4391,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -6500,12 +6522,13 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.12.1' - helm.sh/chart: 'eck-operator-crds-2.12.1' + app.kubernetes.io/version: '2.13.0' + helm.sh/chart: 'eck-operator-crds-2.13.0' name: enterprisesearches.enterprisesearch.k8s.elastic.co spec: group: enterprisesearch.k8s.elastic.co @@ -6598,7 +6621,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -7170,7 +7194,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -7654,12 +7679,13 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.12.1' - helm.sh/chart: 'eck-operator-crds-2.12.1' + app.kubernetes.io/version: '2.13.0' + helm.sh/chart: 'eck-operator-crds-2.13.0' name: kibanas.kibana.k8s.elastic.co spec: group: kibana.k8s.elastic.co @@ -7741,7 +7767,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -7771,7 +7798,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -8229,7 +8257,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -8269,7 +8298,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -8952,12 +8982,13 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.12.1' - helm.sh/chart: 'eck-operator-crds-2.12.1' + app.kubernetes.io/version: '2.13.0' + helm.sh/chart: 'eck-operator-crds-2.13.0' name: logstashes.logstash.k8s.elastic.co spec: group: logstash.k8s.elastic.co @@ -9063,7 +9094,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -9112,7 +9144,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -9152,7 +9185,8 @@ spec: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - - `ca.crt`: the CA certificate in PEM format (optional). + - `ca.crt`: the CA certificate in PEM format (optional) + - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec) This field cannot be used in combination with the other fields name, namespace or serviceName. type: string serviceName: @@ -10172,12 +10206,13 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.12.1' - helm.sh/chart: 'eck-operator-crds-2.12.1' + app.kubernetes.io/version: '2.13.0' + helm.sh/chart: 'eck-operator-crds-2.13.0' name: stackconfigpolicies.stackconfigpolicy.k8s.elastic.co spec: group: stackconfigpolicy.k8s.elastic.co diff --git a/charts/kubezero-operators/charts/eck-operator/profile-disable-automounting-api.yaml b/charts/kubezero-operators/charts/eck-operator/profile-disable-automounting-api.yaml new file mode 100644 index 00000000..50f97157 --- /dev/null +++ b/charts/kubezero-operators/charts/eck-operator/profile-disable-automounting-api.yaml @@ -0,0 +1,29 @@ +automountServiceAccountToken: false + +serviceAccount: + automountServiceAccountToken: false + +volumeMounts: +- mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: serviceaccount-token + readOnly: true + +volumes: +- name: serviceaccount-token + projected: + defaultMode: 0444 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + name: kube-root-ca.crt + items: + - key: ca.crt + path: ca.crt + - downwardAPI: + items: + - path: namespace + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace diff --git a/charts/kubezero-operators/charts/eck-operator/templates/_helpers.tpl b/charts/kubezero-operators/charts/eck-operator/templates/_helpers.tpl index 218f5742..ba1a7c83 100644 --- a/charts/kubezero-operators/charts/eck-operator/templates/_helpers.tpl +++ b/charts/kubezero-operators/charts/eck-operator/templates/_helpers.tpl @@ -96,6 +96,8 @@ Determine the name for the webhook secret {{- define "eck-operator.webhookSecretName" -}} {{- if .Values.global.manifestGen -}} elastic-webhook-server-cert +{{- else if .Values.webhook.certsSecret -}} +{{- .Values.webhook.certsSecret }} {{- else -}} {{- $name := include "eck-operator.name" . -}} {{ printf "%s-webhook-cert" $name | trunc 63 }} diff --git a/charts/kubezero-operators/charts/eck-operator/templates/configmap.yaml b/charts/kubezero-operators/charts/eck-operator/templates/configmap.yaml index bc13953a..32d66d81 100644 --- a/charts/kubezero-operators/charts/eck-operator/templates/configmap.yaml +++ b/charts/kubezero-operators/charts/eck-operator/templates/configmap.yaml @@ -79,6 +79,6 @@ data: {{- if not .Values.config.containerSuffix }} ubi-only: {{ .Values.config.ubiOnly }} {{- end }} - {{- with .Values.webhook.secret }} + {{- with .Values.webhook.certsSecret }} webhook-secret: {{ . }} {{- end }} diff --git a/charts/kubezero-operators/charts/eck-operator/templates/service-account.yaml b/charts/kubezero-operators/charts/eck-operator/templates/service-account.yaml index a8901590..f91acdcc 100644 --- a/charts/kubezero-operators/charts/eck-operator/templates/service-account.yaml +++ b/charts/kubezero-operators/charts/eck-operator/templates/service-account.yaml @@ -2,6 +2,7 @@ --- apiVersion: v1 kind: ServiceAccount +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "eck-operator.serviceAccountName" . }} namespace: {{ .Release.Namespace }} diff --git a/charts/kubezero-operators/charts/eck-operator/templates/statefulset.yaml b/charts/kubezero-operators/charts/eck-operator/templates/statefulset.yaml index 7f6a8f71..a970a17d 100644 --- a/charts/kubezero-operators/charts/eck-operator/templates/statefulset.yaml +++ b/charts/kubezero-operators/charts/eck-operator/templates/statefulset.yaml @@ -5,8 +5,15 @@ kind: StatefulSet metadata: name: {{ include "eck-operator.fullname" . }} namespace: {{ .Release.Namespace }} + {{- with .Values.statefulsetAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} labels: {{- include "eck-operator.labels" . | nindent 4 }} + {{- with .Values.statefulsetLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: selector: matchLabels: @@ -31,6 +38,7 @@ spec: spec: terminationGracePeriodSeconds: 10 serviceAccountName: {{ include "eck-operator.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} {{- with .Values.priorityClassName }} priorityClassName: {{ . }} {{- end }} @@ -121,11 +129,16 @@ spec: - "--tls-cert-file=/tls/tls.crt" - "--tls-private-key-file=/tls/tls.key" {{- end }} - {{- if .Values.config.metrics.secureMode.tls.certificateSecret }} + {{- if or .Values.config.metrics.secureMode.tls.certificateSecret .Values.config.metrics.secureMode.volumeMounts }} volumeMounts: - - mountPath: "/tls" - name: tls-certificate - readOnly: true + {{- with .Values.config.metrics.secureMode.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.config.metrics.secureMode.tls.certificateSecret }} + - mountPath: "/tls" + name: tls-certificate + readOnly: true + {{- end }} {{- end }} ports: - containerPort: {{ $metricsPort }} diff --git a/charts/kubezero-operators/charts/eck-operator/values.yaml b/charts/kubezero-operators/charts/eck-operator/values.yaml index 6a124650..7ed5334d 100644 --- a/charts/kubezero-operators/charts/eck-operator/values.yaml +++ b/charts/kubezero-operators/charts/eck-operator/values.yaml @@ -40,6 +40,12 @@ resources: cpu: 100m memory: 150Mi +# statefulsetAnnotations define the annotations that should be added to the operator StatefulSet. +statefulsetAnnotations: {} + +# statefulsetLabels define additional labels that should be added to the operator StatefulSet. +statefulsetLabels: {} + # podAnnotations define the annotations that should be added to the operator pod. podAnnotations: {} @@ -87,9 +93,14 @@ volumes: [] # createClusterScopedResources determines whether cluster-scoped resources (ClusterRoles, ClusterRoleBindings) should be created. createClusterScopedResources: true +# Automount API credentials for the Service Account into the pod. +automountServiceAccountToken: true + serviceAccount: # create specifies whether a service account should be created for the operator. create: true + # Specifies whether a service account should automount API credentials. + automountServiceAccountToken: true # annotations to add to the service account annotations: {} # name of the service account to use. If not set and create is true, a name is generated using the fullname template. @@ -129,7 +140,7 @@ webhook: # port is the port that the validating webhook binds to. port: 9443 # secret specifies the Kubernetes secret to be mounted into the path designated by the certsDir value to be used for webhook certificates. - secret: "" + certsSecret: "" # hostNetwork allows a Pod to use the Node network namespace. # This is required to allow for communication with the kube API when using some alternate CNIs in conjunction with webhook enabled. @@ -188,6 +199,8 @@ config: # serviceMonitorNamespaceSelector: {} # serviceMonitorSelectorNilUsesHelmValues: false enabled: false + # additional volume mounts for the kube-rbac-proxy container. + volumeMounts: [] tls: # certificateSecret is the name of the tls secret containing the custom TLS certificate and key for the secure metrics endpoint. # diff --git a/charts/kubezero-telemetry/README.md b/charts/kubezero-telemetry/README.md index 82898697..28553899 100644 --- a/charts/kubezero-telemetry/README.md +++ b/charts/kubezero-telemetry/README.md @@ -1,6 +1,6 @@ # kubezero-telemetry -![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.3.3](https://img.shields.io/badge/Version-0.3.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc. @@ -19,10 +19,10 @@ Kubernetes: `>= 1.26.0` | Repository | Name | Version | |------------|------|---------| | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://fluent.github.io/helm-charts | fluent-bit | 0.46.2 | +| https://fluent.github.io/helm-charts | fluent-bit | 0.47.1 | | https://fluent.github.io/helm-charts | fluentd | 0.5.2 | -| https://jaegertracing.github.io/helm-charts | jaeger | 3.0.8 | -| https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector | 0.92.0 | +| https://jaegertracing.github.io/helm-charts | jaeger | 3.1.1 | +| https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector | 0.97.1 | ## Values @@ -100,6 +100,7 @@ Kubernetes: `>= 1.26.0` | fluentd.volumes[0].secret.items[0].path | string | `"ca.crt"` | | | fluentd.volumes[0].secret.secretName | string | `"telemetry-nodes-http-tls"` | | | jaeger.agent.enabled | bool | `false` | | +| jaeger.collector.enabled | bool | `false` | | | jaeger.collector.extraEnv[0].name | string | `"ES_TAGS_AS_FIELDS_ALL"` | | | jaeger.collector.extraEnv[0].value | string | `"true"` | | | jaeger.collector.service.otlp.grpc.name | string | `"otlp-grpc"` | | @@ -128,9 +129,41 @@ Kubernetes: `>= 1.26.0` | opensearch.dashboard.istio.url | string | `"telemetry-dashboard.example.com"` | | | opensearch.nodeSets | list | `[]` | | | opensearch.prometheus | bool | `false` | | -| opensearch.version | string | `"2.14.0"` | | +| opensearch.version | string | `"2.15.0"` | | +| opentelemetry-collector.config.exporters.opensearch/trace.http.auth.authenticator | string | `"basicauth/client"` | | +| opentelemetry-collector.config.exporters.opensearch/trace.http.endpoint | string | `"https://telemetry:9200"` | | +| opentelemetry-collector.config.exporters.opensearch/trace.http.tls.insecure | bool | `false` | | +| opentelemetry-collector.config.exporters.opensearch/trace.http.tls.insecure_skip_verify | bool | `true` | | +| opentelemetry-collector.config.extensions.basicauth/client.client_auth.password | string | `"admin"` | | +| opentelemetry-collector.config.extensions.basicauth/client.client_auth.username | string | `"admin"` | | +| opentelemetry-collector.config.extensions.health_check.endpoint | string | `"${env:MY_POD_IP}:13133"` | | +| opentelemetry-collector.config.extensions.memory_ballast | object | `{}` | | +| opentelemetry-collector.config.processors.batch | object | `{}` | | +| opentelemetry-collector.config.processors.memory_limiter | string | `nil` | | +| opentelemetry-collector.config.receivers.jaeger | string | `nil` | | +| opentelemetry-collector.config.receivers.otlp.protocols.grpc.endpoint | string | `"${env:MY_POD_IP}:4317"` | | +| opentelemetry-collector.config.receivers.otlp.protocols.http.endpoint | string | `"${env:MY_POD_IP}:4318"` | | +| opentelemetry-collector.config.receivers.zipkin | string | `nil` | | +| opentelemetry-collector.config.service.extensions[0] | string | `"health_check"` | | +| opentelemetry-collector.config.service.extensions[1] | string | `"memory_ballast"` | | +| opentelemetry-collector.config.service.extensions[2] | string | `"basicauth/client"` | | +| opentelemetry-collector.config.service.pipelines.logs | string | `nil` | | +| opentelemetry-collector.config.service.pipelines.metrics | string | `nil` | | +| opentelemetry-collector.config.service.pipelines.traces.exporters[0] | string | `"opensearch/trace"` | | +| opentelemetry-collector.config.service.pipelines.traces.processors[0] | string | `"memory_limiter"` | | +| opentelemetry-collector.config.service.pipelines.traces.processors[1] | string | `"batch"` | | +| opentelemetry-collector.config.service.pipelines.traces.receivers[0] | string | `"otlp"` | | +| opentelemetry-collector.config.service.telemetry.metrics.address | string | `"${env:MY_POD_IP}:8888"` | | | opentelemetry-collector.enabled | bool | `false` | | +| opentelemetry-collector.image.repository | string | `"otel/opentelemetry-collector-contrib"` | | | opentelemetry-collector.mode | string | `"deployment"` | | +| opentelemetry-collector.podDisruptionBudget.enabled | bool | `false` | | +| opentelemetry-collector.ports.jaeger-compact.enabled | bool | `false` | | +| opentelemetry-collector.ports.jaeger-grpc.enabled | bool | `false` | | +| opentelemetry-collector.ports.jaeger-thrift.enabled | bool | `false` | | +| opentelemetry-collector.ports.metrics.enabled | bool | `true` | | +| opentelemetry-collector.ports.zipkin.enabled | bool | `false` | | +| opentelemetry-collector.serviceMonitor.enabled | bool | `false` | | ## Resources - https://opensearch.org/docs/latest/dashboards/branding/#condensed-header diff --git a/charts/kubezero-telemetry/charts/fluent-bit/Chart.yaml b/charts/kubezero-telemetry/charts/fluent-bit/Chart.yaml index 1b1c6fe8..4c989883 100644 --- a/charts/kubezero-telemetry/charts/fluent-bit/Chart.yaml +++ b/charts/kubezero-telemetry/charts/fluent-bit/Chart.yaml @@ -1,9 +1,9 @@ annotations: artifacthub.io/changes: | - kind: changed - description: "Updated _Fluent Bit_ OCI image to [v3.0.2](https://github.com/fluent/fluent-bit/releases/tag/v3.0.2)." + description: "Updated Fluent Bit OCI image to v3.1.1." apiVersion: v1 -appVersion: 3.0.2 +appVersion: 3.1.1 description: Fast and lightweight log processor and forwarder or Linux, OSX and BSD family operating systems. home: https://fluentbit.io/ @@ -24,4 +24,4 @@ maintainers: name: fluent-bit sources: - https://github.com/fluent/fluent-bit/ -version: 0.46.2 +version: 0.47.1 diff --git a/charts/kubezero-telemetry/charts/fluent-bit/dashboards/fluent-bit.json b/charts/kubezero-telemetry/charts/fluent-bit/dashboards/fluent-bit.json index b0024d31..803014fd 100644 --- a/charts/kubezero-telemetry/charts/fluent-bit/dashboards/fluent-bit.json +++ b/charts/kubezero-telemetry/charts/fluent-bit/dashboards/fluent-bit.json @@ -1559,7 +1559,7 @@ }, "timezone": "", "title": "{{ include "fluent-bit.fullname" . }}", - "uid": "d557c8f6-cac1-445f-8ade-4c351a9076b1", + "uid": null, "version": 7, "weekStart": "" -} \ No newline at end of file +} diff --git a/charts/kubezero-telemetry/charts/fluent-bit/templates/_pod.tpl b/charts/kubezero-telemetry/charts/fluent-bit/templates/_pod.tpl index 7f74f4a5..18258a75 100644 --- a/charts/kubezero-telemetry/charts/fluent-bit/templates/_pod.tpl +++ b/charts/kubezero-telemetry/charts/fluent-bit/templates/_pod.tpl @@ -119,7 +119,11 @@ containers: {{- end }} {{- end }} {{- if .Values.extraContainers }} - {{- toYaml .Values.extraContainers | nindent 2 }} + {{- if kindIs "string" .Values.extraContainers }} + {{- tpl .Values.extraContainers $ | nindent 2 }} + {{- else }} + {{- toYaml .Values.extraContainers | nindent 2 }} + {{- end -}} {{- end }} volumes: - name: config diff --git a/charts/kubezero-telemetry/charts/fluent-bit/templates/service.yaml b/charts/kubezero-telemetry/charts/fluent-bit/templates/service.yaml index 3f9c8f70..2a771e69 100644 --- a/charts/kubezero-telemetry/charts/fluent-bit/templates/service.yaml +++ b/charts/kubezero-telemetry/charts/fluent-bit/templates/service.yaml @@ -17,6 +17,9 @@ spec: {{- if and (eq .Values.service.type "ClusterIP") (.Values.service.clusterIP) }} clusterIP: {{ .Values.service.clusterIP }} {{- end }} + {{- if .Values.service.externalIPs }} + externalIPs: {{- toYaml .Values.service.externalIPs | nindent 4 }} + {{- end }} {{- if (eq .Values.kind "DaemonSet") }} {{- with .Values.service.internalTrafficPolicy }} internalTrafficPolicy: {{ . }} diff --git a/charts/kubezero-telemetry/charts/fluent-bit/values.yaml b/charts/kubezero-telemetry/charts/fluent-bit/values.yaml index 1a60fe7b..ae242086 100644 --- a/charts/kubezero-telemetry/charts/fluent-bit/values.yaml +++ b/charts/kubezero-telemetry/charts/fluent-bit/values.yaml @@ -101,6 +101,10 @@ service: # prometheus.io/path: "/api/v1/metrics/prometheus" # prometheus.io/port: "2020" # prometheus.io/scrape: "true" + externalIPs: [] + # externalIPs: + # - 2.2.2.2 + serviceMonitor: enabled: false @@ -314,11 +318,21 @@ envWithTpl: [] envFrom: [] +# This supports either a structured array or a templatable string extraContainers: [] + +# Array mode +# extraContainers: # - name: do-something # image: busybox # command: ['do', 'something'] +# String mode +# extraContainers: |- +# - name: do-something +# image: bitnami/kubectl:{{ .Capabilities.KubeVersion.Major }}.{{ .Capabilities.KubeVersion.Minor }} +# command: ['kubectl', 'version'] + flush: 1 metricsPort: 2020 diff --git a/charts/kubezero-telemetry/dashboards.yaml b/charts/kubezero-telemetry/dashboards.yaml index dfeef645..bc5ed7ed 100644 --- a/charts/kubezero-telemetry/dashboards.yaml +++ b/charts/kubezero-telemetry/dashboards.yaml @@ -3,11 +3,11 @@ gzip: true folder: Telemetry #condition: '.Values.telemetry.metrics.enabled' dashboards: -- name: jaeger - url: https://grafana.com/api/dashboards/10001/revisions/2/download - tags: - - Jaeger - - Telemetry +#- name: jaeger +# url: https://grafana.com/api/dashboards/10001/revisions/2/download +# tags: +# - Jaeger +# - Telemetry - name: opensearch url: https://grafana.com/api/dashboards/15178/revisions/2/download tags: diff --git a/charts/kubezero-telemetry/templates/grafana-dashboards.yaml b/charts/kubezero-telemetry/templates/grafana-dashboards.yaml index 6174cc01..02e92a84 100644 --- a/charts/kubezero-telemetry/templates/grafana-dashboards.yaml +++ b/charts/kubezero-telemetry/templates/grafana-dashboards.yaml @@ -9,8 +9,6 @@ metadata: annotations: k8s-sidecar-target-directory: Telemetry binaryData: - jaeger.json.gz: - H4sIAAAAAAAC/+2dW3PbuBmG7/0rWF507K1sS7LlOJ3Zab3JppNOmmSTbHuRzXAgEpZQUwADgo4Vj/rbC/AgHiX6JFly3ptEBEACePHhw2McyOsdy7Idh/EgUqH9V+uzvras6/hfHcPJhOpQ++VH5/2Hdy9/f/Hp9bu3+2e/250shU+G1DdJAim8yFVM8H0S5fEeDV3JAhNuUuURahrEj/aIIqGIpEvzuMCPRoy/9tLnTqga0yisxr9NC/c+TxEnmOl/v3SSikn6NWKSNlQty38kyTnhJH848xqDMyn+UY24pDJMa3dy0D3opoXoNGcXEK71qmcWjBuzKgYXMhq0Z9SkK1uoKK9r2ZbvXGXCuVDEtLCROSmI7bNQzUXPi6djhhHz1WvzuF4nDy0Ut7kYOg3lZOibeCUjWggfM68hlLmCvxC+kOaBcjQku92O1e/19D+DQcfq7RUfndX/LK+L9WfrzKdSlYqQqxuOh4JIz07jZvH/X3bSBqna/cssvXUupDURnCkhGR9Z/yV0RKUlI87NJeMWsS5OQ4vySyYFn1CuDqz/CHkRWt+YGlu9g+d/ObBeUeoNiXsR/s1671MSUiuk3LOUsPxI8NHBpfg7nQS+mJr7x1SKA1dM4nrY1GOqIqM94lTFva3X7XZ7SZCxvU9C+IoFOqIbB8b2wyPfj698xi/ijpWYQWzZDR3NFb5PgpB6lSbSWTDvvchtJmnLil1809f940LAVVaa9HpqrrNGKFv6UT/3GOXClU3S2LDPSBhbS1yeWacYOSRx6DnxQ1qKMFbwhvKRikvdrcXRRbe12rpOdc58vyzGAs3muj3rlMOMdqeVsIp8cwmP+oWwcvUTLY9LYb62Wu7Vi0EuR01VNmYQSamNcUHshFwtimF8QUw4Ft9q3T7ppboP+wvuuiR+lLfLwkpr445TVZ8eR3xjnhrX2qbcH3LXovvLe8G4+peI3VQcUG7qgLh0kR0FVNsJV2REG20pME+WxGORyXpQj2s2Qd0UHpU09o3nvlDl8oRUMhq+045fmxttqFO4rMSh0p6pMddQ0SCg3hstYWO8InJEVbmbVrtqMhJcBXHRw2iyK4miu4kbdYyvoa52rY4uIQ/18O9Sdkk9J7aIz4PJl709u1N9mnbJE2Is01ZsQp2k9vVk6TDTYFSmk3BFpbatV8RkX7WNQp95Nc+snoOk5wn0nNmlqFnhqtwQaqzhZix8r6GRTGVeaedS8NmluA90lI7ZDTd+HLNz1XynigcP+6NR2PqQKnwYUrdsRGo+eFxX+y2RtdEgixNSNXiouNM62eDLuMcumRfpPr6w/xbwrsBQiQskV6zBgw4j9yIxvmqdjRdK+66RptJuGTs03LXYQ8290OcvC6swJVf0Bn0ht16dnVR1q8oQvV5AEylGv2h+aDTYxCk33pZ45caoQqXLRtx5IvVY2BmnzYal2WK0aAyL497Qy3nFdpoyKkj341LL6V2o5QTUAmrZNGqpwQrjzteI6hHO1yzD3amjucY6tNrTuSLiCkDzMEBzpi1HG6z+G3w/VtlKVbZ2NdvsAW4AN4AbwM1q4KZ3cge6Oe6DbkA3G083Q6LcsROy7/TOpPLjwcgvRjTroxZN44eZaQGAAEAAIACQda4JPW+ZXTkFf4A/Np4/0imTpGSYK3kQPPktniBJWtva/QhAAaAAUAAo617+aQGU4y4ABYCyaYCybMOKJ4XJrLBfBXMmt9yR8jKREBtSQCQgEhDJutds2pAE+2iBJJs/ZxKSy9bdKKU099uJ8mOyimUUxC4TEAuIZfXEslPJLu+K/0yOYL3IHFv9jKLU1Wg8bLeGs029BWebuj/W2aaTe6xj9ZYjGVaxQGQbR2TVk01aJa4cDSwaLJzICwxK6Vo4urhmyHUCKVwahuWjTtZQY4WOUUI7qpXOJG0Ve91WUkwlAcwAZphKWh21nN6eWvpY2wK2bBy2aHO7GbHE+4EBKM2AcksVwSZgE7AJ2GQ1bNK4zNUGJ1jlApxsI5wke4XBJneePMkFBJWASkAloJL1rfM8a4ESvAwGULK1Cz2SEs/RtdG9G0s896WUgphY3AGqAFWAKutd3GlDFbzZBaiy9XtS6oeZgCv32pHi4WgTkAXIAmR5lDWfNmbBPlowy/Yxi8r2eQrpjAn3fJ0I0yz35JbFooJdwC5gF7DLmk8AHS1nF6wMAV22BF0kDbTXo+lrdWnohNFwwpRqmGdJPCU+eLQS2HE113DqL2kPoA5QB6gD1FnzsaEW1OmBdcA628Y6ycvxVkc6T3tepoYqFTkBKgAVgApAZd1niNpIBZtgQCobRyq1Q0TlCYDC2SFASRlK6sevmudQcKgZQAIgAZCsfZGo7dW9wBHgyHZMnIyVKpx1+aqbW9W3s5hRDZ8XuOOkSpPCmEcBtgBbgC1rXvBpwZYeuAXcsq2bW84J8yM94mPF52E2p2R6AlWAKkAVoMq6l3zaWAVniMAq27k5BaTykHtTwCngFHAKOOVxVoL6g5ajzqAUUMr2rQQtONac9L6OpcuqonCtK0LX10nms9mB/hnnP5s91WUiHIAG0YBoQDQPSTS1WZZFq0RtSNPD54TANBvJNKXxNP/6dCDF1TRhmQRjdI1jQTrZa1o6GgEiHzMvczKJxVqqJ3bdgkxAJuv5/rSkASXVDlv7KvWZ6aab9UXqfvMXqY9PfqwvUj9rwLHyd4+WzDC1HH06Xu06mHmxx6+TQE2bPRtgDbB2B1jLyEIGbrYl1vGJotydOhrkrENrSQJXRFzt/dTrdrvYknxjojvTVqGN0UrVtFI1rd2JdmcspK7gXgioA9QB6jDd9AB8c+OjVN3lfDPAbBMAZuNX0AynxAs4TUeofjrpbsyL9c58P0OA0No91Ea+dwuw6TyoOukyngY6j/78vz/s/tXVH/bs/prdQRadtfXhxrL8sjZZ/vTzo8ryVvD920nzYgtQOKuNqYu1W+wR4F/wL/gX/Lsi/j29C/9iBxn4d1v59zpbaTV4d0gCdqglc2n4WDyzUfS7UJsOuPjugoGYV07M83aoNAPoGfQMegY9r4iem4+JtuEzXmkBfH5q+Hy4H///+uU+QPpmKgGpH0Q6wPUjwXWxQYDZwGxgNjD7lph92nQmqH/TXRotX3Qe4FNBwOyng9nmGC6Lh9301/6h0EoTZcZ5MPcdJAOAP7yOoPG103hL6wDNgeZAc6D5qtC8FngjNsebEsHmT4/NgeHL1QFx30sywPWjwTU4GhwNjl7XyyWqr5H4LaJyuuw1Ejvp3cb1GE9iYo+6iduzQ3dMJ+TfVIbaT8xf063xYZpk4hF5kaTUXJSbZJp5mq39ifpUs7UuxzwzRSeBr//O5qO5LBrbQpUZ/ixJxeIOlMafJ57M5uLbfi/rutqbpGF26baA6U4r85vT2jmZ8y72H3uQe3m71y1cHBUvepP896Dwu1e8OOoWY3IHY/cLv3teIv6XrA5muBGBypxxay7FB58UH1zMpX9cvPDy38+8YnmzspTk+y5iMrTTxi0bVRIYxX+O2N/fvGPPB1eT1A4u57Zy1N2Z/R92O4kbZvgAAA== opensearch.json.gz: H4sIAAAAAAAC/+1dWXPbOLZ+71/B4WSm45TaEWVJlrsqD7YT9+TejuO2nZ5UJR4VREISYi4KSNpW+/r+9jkASRHcJFKWJSrGgxcCIJaDs3w4AA7vf1IUtd8n9sT3XPVX5Qs8K8o9/w05NrIwpKpvL/pn5x8/vLv817tPF2ojyjbRAJssf0IdC3tj7LtxpoFdnZKJRxybFTmbFVEM5CHX8amO49LedMJbysubmP6I2O+NopaC/NOwr3FDKi/wAL+vGsE4Kf7uE4pzRhq1P6JoiGwUV06M3OSIMr+lM24wdcMh7+92drVm2ItGfnsTZAMJs61NxrlticlCS/PbyKMpKaSmnaVjXpPabnN3mbG5xB6Z2PWQl23yIiev9CjzW8tvZ0ELM45Btu1AWchlLBM0qZrE9WYMFHcEcgY+Mb33rCatEacK5M8nK5TBNhqYLN+jPhbSx8TISSW6Yx87pkNZhXQ0QC+bDaWlafCr02ko2o5YdTTow3gsyj+VQxNTL9GFmFvc8cBB1FDDvAf+9+qnkPRpwf44wfYFRlQfK7rpux6miuXYxHMozKZyS7yxIhQR1MC7u4lDWXFkG8qpY+BZCu+Wig3ipaiijmzscUWgdbT9XpDEpOLScUyPTCCjyRP57Nu+aQZPUCcK+6t19zr7+51Wt9fu7vFck9jXXCMEc875KEdD6I5poomLWc1DZLo41nTiBEeN8pwRJcaZE/NOMKcp/riF51ZbSLiLhhE+T9lzNBlJBu/FSnDW7atYqRKPk089DiYmq26pc5svVTrSx/iSWNjxvfSoFjJ0mkXijCHBpnHs2EMyShLFwEPkm16SVAHVOZuLiZBsOVwuVG8M2nzsmIarCgUeGmIVFppMgBVdQWbTkhv1DoaS6G8scUZy0iIy4jsvUNgY29m3PCe/tpD62fpukOnzcTXVRNZD41EdbxV2fIpNE1hghT3XVtrzvcKeUxDEFXa7leq28HSV4CaB4wq5Eg1cx/Q9nOoIWCM8ybJhlioC3xewltB1Jpqp3IdGhQZcbJFfDESvf1nYVHM17RQwndCQtpqG8nhEaKWVbiXxfPVTXo7QE9UB5AAKPoCTVxkFXaj891LKX2stUP5avvJvxUA8YcKCzk2SsCWm0YeQSwdIvx5Rx7dFIgXmNCqCKEZi5jcwI2Q4nWX7IHAiQSjBthdZ2kw2TIev4485HeMGx9SzsgFLDNc7dbxTYHK1UCa5VXEzoh9MtBvZ69w5DNXJfTotMcQM+YMVx58ZqB/bV0RH2EuOJzFcfIetiYloBtzxvEnAyL710gHo5HLo1A/RVZ9hWt+9Dx/f/P9X9UX4/1f1YUd5regwp17emzYMyu3bvjXAtOj9JAWJDclAxixto5wTpHtc7hJGRjXxCNvGiUMt5GVf/u5jOr2MMAjgP8f6NzKvk4UoHgZrvsN45iNBFDGOhU8CI5IAKSz9YkyGXjYjCYqUC07PLDbia4dccLTFAGizxixWzQOmgitatQ2p5zQ0T6jrOeq5XUEXB8OWajjz2gX5i42x0y18rcaauoy+XZe+3gKFfO7bNvMZMF/AivWxVLvbr3a75dRuV6rdZ652mTp4rOotW0cN1W+oTQ91j9xg5S0MRGrUrfPKLHBd9Jo11dKtkr4LrSnV9DNX05BigDT3QdNcP0ZVV6mnvur6LBiFcslGUUVVb3Zfql0g3q1yG1MXY0QNt8K+lHS9LGmx6Gjwku8OR792tnQdkObATgEHSvfLczcwLlcucy1CgymcN19VxMHyIkuzVIW1XyEU6WC5Onh2uraT0rXtkrpW+lykrq2oGvsTSixEpyvXuWLFtde9Z0Ffn0QHSyD8RMp5ucMoDnDOCFc69VITK3BQ0gr0pBWQVqCssiY28QgyyV+gFVZoA9LV1tcCvBd6KjG4VPMbV/NaSbTfkq57qedLK2SKTUeHKVuplk9WWl8dfz7rp0T4UvX/qjR3O2s52V5bE1NyKdFqSRMjTUxZa+DbyHXJyMbGCk1MstL6mphPs34uYWI2u3fcKxD+brm9Y3aoqcLOMSy1kMtvzbqJCx/qAFE3Z/zu+Hdsj7xx8rAKS8fufHIV2GqdWIgPplVkwI+QS3Tl+OyTQuyh8whzHt8HWka9D4lpJu6WsoTfKDKYahTnsZgXelWvOB1kejEmhsGuDYNCztI7YJR4izdXIkNpTPYO3YzStTFB8CkNBpfOsdBdXiqxc1IB5Nxmb2t7jsc7li6dq9ofxDtdPFesjSfeEsNLyJvK5PPMARpE+pwlqPNNKGIXwC8jZBa2kzUBGFga7OEofQt9sXGYsA4xpvGTPM/TszMK5DcwxdwkDE1HuJ/vchb4KPJsvrXhEs7ef/2fI9+dKu+dW0S810n1OgNTfz9ua92WqGQbC6t9b5i4sL5O97DbPqpUH+/mxRQsj1VY7bvmUbvZrF7tJ6BbYaXaSbd53K5e6UfQasW19k72jo5688yWO0E6ztOrYKP06zSPMfA/wcbvwPQZfimBPWb4QhlMlZfEhjZsHe+8JBR5+CU73dvXJ37fxbpjAyrgcnrPFiRg/l0+KQAHotcYSth99YK9tfsK0r85Ayj2Av4APvjSsa52dpRXMKLm0hfo2nORhMAqyv191KuHhxLgobF6Av3sA3f9XC/iMIYvQ5qjJyYN4WqnZsQJdGEZ8hw/LXk4MQj9XjfRen/+h1uGPG+rkWcxRf4GHANm5edG+BBIVvgQqKHZY8Ra0SP9Hpd0hh5/rhVVub1QeCcK6PmuOruxEZeTRE7XuhCEgYe5pDiZu+ATnWhfyl23O8ejEPilXlhwMRoWIHwpIqyuZvF17kW4iyg2soDXdaiXgvgc6/ajNRqxDXJDDB+ZWaeDEIhLDHZ1h+5ICsEOfP06QADiMESvJYw0JxJSqnQ+aJ+B85z10RTdzYOhL16MYZH4v5gta1Rn8A3r3q+atneQnPXhjC+gA9RLuRHCwGrJrrIMZwQzk4llEq5SMsWDZUomWRjyQuHLH027WbvRpBxkGQGaZjkI0O0obx3H03/HN7NeJyJh1c6xkONDsLF369Br7kdQYBGncF01RGIIuM14FbSn9CpkruYv5VboSQfC0zgQksTeqAehwpI02cpK1qQCdgkltU+xjtnpxcHUwxGKKY9cXvWeCLRAt24AFhv4hjBQvOKlZw4dYMJt1yJe3QjB+1WREkc1AXSnoTW4pGg4BOsgwd3S4G5bYFvt+rk+PLbZTS1tP39Xa69ZblfrraP7FrY9d3u2tkoByfUixYPKIfZ6SyDFvdZ8pMjY9tC9zA/tG+DIVGIMI1MZgQSmE7n8pRX0chgyF70thJAtCSHXDiErH6lgFlkHLGVhqDuEVH3D0d0+Pyix5kiAWQW38rMR60NWs8Eo74Fz7oRTWRJVPdZl1uz2NuZkUlP+rUd7zJrduvv/no3DLCeufJBOKVdfyfpq7SVLkm95NJQNabkMHOp0JRyaE5E5g5B0x7ZBOYhGoxYwqfO8YZILKAb3XfJX6Iwrh49ifc5saD8gxBNBKI41FH68twgeJfU9UJKvXZv1QE05/c+HS5Z7jvm9gIBvM6K9JJgCzOabiF3Afi5gqrvfKmJXzuPq41FGc6WAqbu/VwUvSVi0Hi9OrbYDKzt5WvvLoJrec0c1WiVUU0O/z3MBNHw3LQfREGZvWYhE/s9cr88XbXy19G2X+3uFbc0ppbYGa+W2Uc6Rh6XvZlVwY7+zv4S3I56W165aw2NP+52e9OFIsPJEYCXjg1kKrXSbEq1ItLLVaCV8HGKP3dx99ljlD7YxJvHJSvFJr91aBp+wqSA1BSe99p4EJ3KDaTMbTL2qp6T2ullsg8lonAyaUAbvtJ7JYW25tbTFW0sMLiBjAla7xFcqGgqzjH978xW40QaasxUxSw0Dk3z3sR9EKmd34VjRpzqpcwp1A7fc8/7MA0q13mz6g9FLOWY4Uu42rQdetbS9Tj12bxqVOt19bltOG/52TMHHY/baJT8ewy9HVzgnrSN9jC9BThw/oy94FIuj+JPYaYLw/D/D+Go5WUkRYTHo0MtWu9NQOu3gp7l7sJMIJcZL7O03FK110FDaTVakl1OmAznafguKdHgt+ztqhkM2AkqroM6C7WZ1hHyOKu4TGCyis9ZsJmFYlNHMqrS0JMxMzO9srePOK/EB0WtMC11OpcPddRcxfKcU6g2EoJsX3CjBsjlAMAzCGJ6j1fLS5+jy0GQE5kDxHIWHlsvGo0tEGCzSsVFlPCji/Mpac3QfcAP7hOFZBBcFligFe1mZyyBCXoJ4E8f1huQuSfkw8cSxvTB4ntpp/kPIB9CTeYenFb7Ch/8BTebdKQoAT9IXGXBo0HH19HUKZHnO7IX50XbotRmAXIF12YrvWAiWiV7uaaBitB786h0wHaP1Empo6Jt5SxpWs1hPUE2LqauDvUQFWTMnQCCmlaAa30oFMV0ZEOf3Cy1sOXTa/4CtS37+PTjaJV4snF0rnHf0XesVxYcoCaof7W0UKRRZQj4k5QMfYk78P5B8E/MogLM8Lnoi0/ZEpuW585nWYeBZfVOSXyNJX8iyvOBpqDqidbo05tKYb9yYdx9jzHvSmEtjLo15uXB9aYN9QjH+ce21woYnjbY02tJor95oZw7VVLHa7aa02tJqS6u9nNU+vEHEZBX/wKZ7NkZpv6X9lvb7Cex37zH2uyXtt7Tf0n5Xsd8wMBwEne4PFyy7G4rFDlXwgzxvvqqvt9eavyXu9fOz5fKU5IZPSS68r9peJgpHuy1PRMoTkdt0IpL/+6gzkWBByM3cQ5HrDM/xY5ybvOTTopzBFLny4OSaYp5VC3lWj48BVItsJu+XSOS0euSU9fMvFcCsKaGThE61vyibg53mXJNdAJ0o/sbnNgqg/0SYKL5u+6MAI0Z/JaAer0VCpLVApLZ2sHUQqd1qSoi0Voj0DIKZdbrLOIe6z+7bRjIKyMbATWBXDkejZJl0uZg91WRYhnA0nkfsUVpicwAK8j1HTRV5yNQXmUVQIrg/Jq7ngIG0ku89CE9XCbVquFGMemwi1yN6gMnURlVQB6I2/xOW+eclwu9UDqbBVzDzPli5WldXexGss/KiqIBCpkTPkKk/AOjENor7kM34Ku+t0syiqYWTy/Fw2TldDDyTezQMUjL7wiUPEdOnAMhgsqxJTULGHN6MdhX2Fc9PLtNEMmzMqu4199rLRIBT1fp9kACGIj9IIP15W/NBguXQbh1D91J2WumCGHh1GFl+rODHdwICO/aZqPaZPRS9gd9uLHbqtj/GaNL3XWzM/WrBF40BSOW1UlQDMPLcCja3rVoiYl+t/YaAypR/AYkVYiswC6AbpMtwPbuq7XZhOJpQEfk2WQV40578uwgwlq789LoEbttyhK3bWWYfVn5XU2KzLTvbltmkZd8Ln4BC7tO7PvSXWcv50Yy5Z29z8Or88/KwqvFUtPOq0E55pfyibY6Al58LPwNfa1x6/vn15WceYFrpWBKTrgeTdprtrdvG7jQ7chtbAsyanfRbDmHKSxISSNYPSJI0EmKuuZHeZ3Fag3Nm/RDH8J3ieWhoLef4RvrWeuN+O1ZCKkrIs6bd04NOa/uiQh90fvwPkf4UVqu6+hhbKFbLrf0g2Zua4ZkZes0HDOpOONSjfpwwcyschFEvsYnZcY6pOqvc4/qPneWZdRqMkusJXHSfZ2wTc+RiMzBQmUEKt2cnWSiVvEQrFMhFPmAodEomocinhCUCX6nkcbClJ0o8sUEpG/gw/+p3rmtWBa3gkZziUSwAATSKUG1mpb8IZ1vYtwLotJAiQXYUEEJNhM3AQ6aJU1G9KRiDu3RR95pMPlHzYmrreREi4tNWUbfTuiTBv2bUnRRZBHZITNQiCB2gX2KTcC4DsvcD1SZa2tB89tktb9+FRpQwZUfdDsYIu1uBKxKCNWOVRxFIBAAXHrJBYRh/IkrYIoZ/yCpf3lbGbjlmFzQV5yn3j2iEajI3Qx+Wll84ZOaAVkKG7+LLoKJcmL5BDueHC33GI31iD537b86AocXdV9f+AFMbe9jdffV/u694OYChQD/Q/vyoYUOBwhvjfvV/nIFagf2/JYs/nvVXSbmaiEVHisWcyYU1FPzh08ey05fI18v9p2yRxXk7RwZSOD0SgajXTy8HC0gl2X2L2D2ewjfhQXP2P5/b6Aj65sTgfdiDKpaADWF9IlCRfFI0RNHgf5lz4SFYIRIrjrMVx/Rybn/RZgvLMGxX8Imf+LUJ0a+5++8+TvvL4X46dUCdWzdExrEDKF6zKil5Uv3gfsFn7d8Xt9cn++GS9yZeFnPyCZOi7jVhJfnwXxIW2TBO7wAA fluent-logging.json.gz: diff --git a/charts/kubezero-telemetry/values.yaml b/charts/kubezero-telemetry/values.yaml index f4172347..10a8367d 100644 --- a/charts/kubezero-telemetry/values.yaml +++ b/charts/kubezero-telemetry/values.yaml @@ -3,6 +3,74 @@ opentelemetry-collector: mode: deployment + image: + repository: "otel/opentelemetry-collector-contrib" + + config: + extensions: + health_check: + endpoint: ${env:MY_POD_IP}:13133 + memory_ballast: {} + + exporters: + otlp/jaeger: + endpoint: telemetry-jaeger-collector:4317 + tls: + insecure: true + + processors: + batch: {} + # If set to null, will be overridden with values based on k8s resource limits + memory_limiter: null + + receivers: + jaeger: null + zipkin: null + otlp: + protocols: + grpc: + endpoint: ${env:MY_POD_IP}:4317 + http: + endpoint: ${env:MY_POD_IP}:4318 + service: + telemetry: + metrics: + address: ${env:MY_POD_IP}:8888 + extensions: + - health_check + - memory_ballast + pipelines: + metrics: null + logs: null + traces: + exporters: + - otlp/jaeger + processors: + - memory_limiter + - batch + receivers: + - otlp + + ports: + jaeger-compact: + enabled: false + jaeger-thrift: + enabled: false + jaeger-grpc: + enabled: false + zipkin: + enabled: false + metrics: + enabled: true + + serviceMonitor: + enabled: false + + podDisruptionBudget: + enabled: false + # minAvailable: 2 + # maxUnavailable: 1 + jaeger: enabled: false @@ -15,12 +83,12 @@ jaeger: grpc: name: otlp-grpc port: 4317 - http: - name: otlp-http - port: 4318 - extraEnv: - - name: ES_TAGS_AS_FIELDS_ALL - value: "true" + # http: + # name: otlp-http + # port: 4318 + #extraEnv: + # - name: ES_TAGS_AS_FIELDS_ALL + # value: "true" serviceMonitor: enabled: false @@ -52,7 +120,7 @@ jaeger: url: jaeger.example.com opensearch: - version: 2.14.0 + version: 2.15.0 prometheus: false # custom cluster settings @@ -302,6 +370,15 @@ fluent-bit: testFramework: enabled: false + service: + internalTrafficPolicy: Local + + extraPorts: + - name: otel + port: 4318 + containerPort: 4318 + protocol: TCP + serviceMonitor: enabled: false @@ -327,6 +404,9 @@ fluent-bit: sharedKey: secretref+k8s://v1/Secret/kube-system/kubezero-secrets/telemetry.fluentd.source.sharedKey tls: false + output_otel: + host: telemetry-opentelemetry-collector + input: memBufLimit: 16MB refreshInterval: 5 @@ -353,6 +433,7 @@ fluent-bit: Name tail Path /var/log/containers/*.log # Exclude ourselves to current error spam, https://github.com/fluent/fluent-bit/issues/5769 + # Todo: Rather limit / filter spam message than exclude all together -> ideally locally, next dataprepper Exclude_Path *logging-fluent-bit* multiline.parser cri Tag cri.* @@ -363,10 +444,14 @@ fluent-bit: DB.locking true # Buffer_Max_Size 1M {{- with .Values.config.input }} - Mem_Buf_Limit {{ default "16MB" .memBufLimit }} - Refresh_Interval {{ default 5 .refreshInterval }} + Mem_Buf_Limit {{ .memBufLimit }} + Refresh_Interval {{ .refreshInterval }} {{- end }} + [INPUT] + Name opentelemetry + Tag otel + filters: | [FILTER] Name parser @@ -411,7 +496,7 @@ fluent-bit: outputs: | [OUTPUT] - Match * + Match kube.* Name forward Host {{ .Values.config.output.host }} Port 24224 @@ -420,6 +505,15 @@ fluent-bit: Send_options true Require_ack_response true + [OUTPUT] + Name opentelemetry + Match otel + Host {{ .Values.config.output_otel.host }} + Port 4318 + #Metrics_uri /v1/metrics + Traces_uri /v1/traces + #Logs_uri /v1/logs + customParsers: | [PARSER] Name cri-log