From 8f89c3ce1422ef1280bb6ed45a334958b32f0640 Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Wed, 23 Aug 2023 12:20:50 +0000 Subject: [PATCH] Version bump logging module for 1.26 --- .../charts/eck-operator/.helmignore | 1 + .../charts/eck-operator/Chart.yaml | 9 +- .../charts/eck-operator/LICENSE | 93 + .../charts/eck-operator/crds/all-crds.yaml | 2657 +++++++++++++++-- .../eck-operator/templates/_helpers.tpl | 39 + .../eck-operator/templates/cluster-roles.yaml | 18 + .../eck-operator/templates/configmap.yaml | 26 +- .../templates/operator-network-policy.yaml | 2 +- .../charts/eck-operator/templates/pdb.yaml | 19 + .../eck-operator/templates/podMonitor.yaml | 16 +- .../eck-operator/templates/statefulset.yaml | 10 +- .../eck-operator/templates/webhook.yaml | 170 +- .../charts/eck-operator/values.yaml | 34 +- .../charts/fluent-bit/Chart.yaml | 8 +- .../charts/fluent-bit/ci/ci-values.yaml | 3 + .../fluent-bit/dashboards/fluent-bit.json | 1964 ++++++------ .../charts/fluent-bit/templates/_helpers.tpl | 32 + .../charts/fluent-bit/templates/_pod.tpl | 55 +- .../fluent-bit/templates/clusterrole.yaml | 7 +- .../templates/configmap-dashboards.yaml | 8 +- .../templates/configmap-luascripts.yaml | 3 +- .../fluent-bit/templates/configmap.yaml | 3 +- .../fluent-bit/templates/daemonset.yaml | 19 +- .../fluent-bit/templates/deployment.yaml | 17 +- .../charts/fluent-bit/templates/hpa.yaml | 3 +- .../charts/fluent-bit/templates/ingress.yaml | 1 + .../fluent-bit/templates/networkpolicy.yaml | 1 + .../charts/fluent-bit/templates/pdb.yaml | 1 + .../fluent-bit/templates/prometheusrule.yaml | 4 +- .../charts/fluent-bit/templates/scc.yaml | 16 +- .../charts/fluent-bit/templates/service.yaml | 1 + .../fluent-bit/templates/serviceaccount.yaml | 1 + .../fluent-bit/templates/servicemonitor.yaml | 8 +- .../templates/tests/test-connection.yaml | 3 +- .../charts/fluent-bit/templates/vpa.yaml | 1 + .../charts/fluent-bit/values.yaml | 126 +- .../charts/fluentd/Chart.yaml | 4 +- .../kubezero-logging/charts/fluentd/README.md | 11 + .../charts/fluentd/templates/_helpers.tpl | 29 + .../charts/fluentd/templates/_pod.tpl | 77 +- .../charts/fluentd/templates/clusterrole.yaml | 2 + .../templates/configmap-dashboards.yaml | 2 +- .../templates/files.conf/prometheus.yaml | 2 +- .../templates/fluentd-configurations-cm.yaml | 10 +- .../fluentd/templates/podsecuritypolicy.yaml | 6 +- .../charts/fluentd/values.yaml | 54 +- charts/kubezero-logging/fluentd.patch | 87 - charts/kubezero-logging/update.sh | 6 +- charts/kubezero-logging/values.yaml | 2 +- charts/kubezero/values.yaml | 2 +- 50 files changed, 4247 insertions(+), 1426 deletions(-) create mode 100644 charts/kubezero-logging/charts/eck-operator/LICENSE create mode 100644 charts/kubezero-logging/charts/eck-operator/templates/pdb.yaml diff --git a/charts/kubezero-logging/charts/eck-operator/.helmignore b/charts/kubezero-logging/charts/eck-operator/.helmignore index 0e8a0eb..f5e0fb2 100644 --- a/charts/kubezero-logging/charts/eck-operator/.helmignore +++ b/charts/kubezero-logging/charts/eck-operator/.helmignore @@ -21,3 +21,4 @@ .idea/ *.tmproj .vscode/ +templates/tests \ No newline at end of file diff --git a/charts/kubezero-logging/charts/eck-operator/Chart.yaml b/charts/kubezero-logging/charts/eck-operator/Chart.yaml index 2ab535f..ba6da12 100644 --- a/charts/kubezero-logging/charts/eck-operator/Chart.yaml +++ b/charts/kubezero-logging/charts/eck-operator/Chart.yaml @@ -1,9 +1,10 @@ apiVersion: v2 -appVersion: 2.4.0 -description: 'A Helm chart for deploying the Elastic Cloud on Kubernetes (ECK) operator: the official Kubernetes operator for orchestrating Elasticsearch, Kibana, APM Server, Enterprise Search, and Beats.' +appVersion: 2.9.0 +description: Elastic Cloud on Kubernetes (ECK) operator home: https://github.com/elastic/cloud-on-k8s icon: https://helm.elastic.co/icons/eck.png keywords: + - Logstash - Elasticsearch - Kibana - APM Server @@ -11,10 +12,10 @@ keywords: - Enterprise Search - Elastic Stack - Operator -kubeVersion: '>=1.12.0-0' +kubeVersion: '>=1.21.0-0' maintainers: - email: eck@elastic.co name: Elastic name: eck-operator type: application -version: 2.4.0 +version: 2.9.0 diff --git a/charts/kubezero-logging/charts/eck-operator/LICENSE b/charts/kubezero-logging/charts/eck-operator/LICENSE new file mode 100644 index 0000000..92503a7 --- /dev/null +++ b/charts/kubezero-logging/charts/eck-operator/LICENSE @@ -0,0 +1,93 @@ +Elastic License 2.0 + +URL: https://www.elastic.co/licensing/elastic-license + +## Acceptance + +By using the software, you agree to all of the terms and conditions below. + +## Copyright License + +The licensor grants you a non-exclusive, royalty-free, worldwide, +non-sublicensable, non-transferable license to use, copy, distribute, make +available, and prepare derivative works of the software, in each case subject to +the limitations and conditions below. + +## Limitations + +You may not provide the software to third parties as a hosted or managed +service, where the service provides users with access to any substantial set of +the features or functionality of the software. + +You may not move, change, disable, or circumvent the license key functionality +in the software, and you may not remove or obscure any functionality in the +software that is protected by the license key. + +You may not alter, remove, or obscure any licensing, copyright, or other notices +of the licensor in the software. Any use of the licensor’s trademarks is subject +to applicable law. + +## Patents + +The licensor grants you a license, under any patent claims the licensor can +license, or becomes able to license, to make, have made, use, sell, offer for +sale, import and have imported the software, in each case subject to the +limitations and conditions in this license. This license does not cover any +patent claims that you cause to be infringed by modifications or additions to +the software. If you or your company make any written claim that the software +infringes or contributes to infringement of any patent, your patent license for +the software granted under these terms ends immediately. If your company makes +such a claim, your patent license ends immediately for work on behalf of your +company. + +## Notices + +You must ensure that anyone who gets a copy of any part of the software from you +also gets a copy of these terms. + +If you modify the software, you must include in any modified copies of the +software prominent notices stating that you have modified the software. + +## No Other Rights + +These terms do not imply any licenses other than those expressly granted in +these terms. + +## Termination + +If you use the software in violation of these terms, such use is not licensed, +and your licenses will automatically terminate. If the licensor provides you +with a notice of your violation, and you cease all violation of this license no +later than 30 days after you receive that notice, your licenses will be +reinstated retroactively. However, if you violate these terms after such +reinstatement, any additional violation of these terms will cause your licenses +to terminate automatically and permanently. + +## No Liability + +*As far as the law allows, the software comes as is, without any warranty or +condition, and the licensor will not be liable to you for any damages arising +out of these terms or the use or nature of the software, under any kind of +legal claim.* + +## Definitions + +The **licensor** is the entity offering these terms, and the **software** is the +software the licensor makes available under these terms, including any portion +of it. + +**you** refers to the individual or entity agreeing to these terms. + +**your company** is any legal entity, sole proprietorship, or other kind of +organization that you work for, plus all organizations that have control over, +are under the control of, or are under common control with that +organization. **control** means ownership of substantially all the assets of an +entity, or the power to direct its management and policies by vote, contract, or +otherwise. Control can be direct or indirect. + +**your licenses** are all the licenses granted to you for the software under +these terms. + +**use** means anything you do with the software requiring one of your licenses. + +**trademark** means trademarks, service marks, and similar rights. \ No newline at end of file diff --git a/charts/kubezero-logging/charts/eck-operator/crds/all-crds.yaml b/charts/kubezero-logging/charts/eck-operator/crds/all-crds.yaml index 2894a90..0291cd4 100644 --- a/charts/kubezero-logging/charts/eck-operator/crds/all-crds.yaml +++ b/charts/kubezero-logging/charts/eck-operator/crds/all-crds.yaml @@ -4,14 +4,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.4.0' - helm.sh/chart: 'eck-operator-crds-2.4.0' + app.kubernetes.io/version: '2.9.0' + helm.sh/chart: 'eck-operator-crds-2.9.0' name: agents.agent.k8s.elastic.co spec: group: agent.k8s.elastic.co @@ -126,8 +125,7 @@ spec: by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions - during disruption. This is beta field and enabled/disabled - by DaemonSetUpdateSurge feature gate.' + during disruption.' x-kubernetes-int-or-string: true maxUnavailable: anyOf: @@ -412,14 +410,24 @@ spec: to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. + description: externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of the + Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", + the proxy will configure the service in a way that assumes + that external load balancers will take care of balancing + the service traffic between nodes, and so each node + will deliver traffic only to the node-local endpoints + of the service, without masquerading the client source + IP. (Traffic mistakenly sent to a node with no endpoints + will be dropped.) The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer + IP from within the cluster will always get "Cluster" + semantics, but clients sending to a NodePort from within + the cluster may need to take traffic policy into account + when picking a node. type: string healthCheckNodePort: description: healthCheckNodePort specifies the healthcheck @@ -433,17 +441,19 @@ spec: not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need - it (e.g. changing type). + it (e.g. changing type). This field cannot be updated + once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". + description: InternalTrafficPolicy describes how nodes + distribute service traffic they receive on the ClusterIP. + If set to "Local", the proxy will assume that pods only + want to talk to endpoints of the service on the same + node as the pod, dropping the traffic if there are no + local endpoints. The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. @@ -755,9 +765,9 @@ spec: - fleet type: string policyID: - description: PolicyID optionally determines into which Agent Policy - this Agent will be enrolled. If left empty the default policy will - be used. + description: PolicyID determines into which Agent Policy this Agent + will be enrolled. This field will become mandatory in a future release, + default policies are deprecated since 8.1.0. type: string revisionHistoryLimit: description: RevisionHistoryLimit is the number of revisions to retain @@ -865,14 +875,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.4.0' - helm.sh/chart: 'eck-operator-crds-2.4.0' + app.kubernetes.io/version: '2.9.0' + helm.sh/chart: 'eck-operator-crds-2.9.0' name: apmservers.apm.k8s.elastic.co spec: group: apm.k8s.elastic.co @@ -1078,14 +1087,24 @@ spec: to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. + description: externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of the + Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", + the proxy will configure the service in a way that assumes + that external load balancers will take care of balancing + the service traffic between nodes, and so each node + will deliver traffic only to the node-local endpoints + of the service, without masquerading the client source + IP. (Traffic mistakenly sent to a node with no endpoints + will be dropped.) The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer + IP from within the cluster will always get "Cluster" + semantics, but clients sending to a NodePort from within + the cluster may need to take traffic policy into account + when picking a node. type: string healthCheckNodePort: description: healthCheckNodePort specifies the healthcheck @@ -1099,17 +1118,19 @@ spec: not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need - it (e.g. changing type). + it (e.g. changing type). This field cannot be updated + once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". + description: InternalTrafficPolicy describes how nodes + distribute service traffic they receive on the ClusterIP. + If set to "Local", the proxy will assume that pods only + want to talk to endpoints of the service on the same + node as the pod, dropping the traffic if there are no + local endpoints. The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. @@ -1700,14 +1721,24 @@ spec: to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. + description: externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of the + Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", + the proxy will configure the service in a way that assumes + that external load balancers will take care of balancing + the service traffic between nodes, and so each node + will deliver traffic only to the node-local endpoints + of the service, without masquerading the client source + IP. (Traffic mistakenly sent to a node with no endpoints + will be dropped.) The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer + IP from within the cluster will always get "Cluster" + semantics, but clients sending to a NodePort from within + the cluster may need to take traffic policy into account + when picking a node. type: string healthCheckNodePort: description: healthCheckNodePort specifies the healthcheck @@ -1721,17 +1752,19 @@ spec: not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need - it (e.g. changing type). + it (e.g. changing type). This field cannot be updated + once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". + description: InternalTrafficPolicy describes how nodes + distribute service traffic they receive on the ClusterIP. + If set to "Local", the proxy will assume that pods only + want to talk to endpoints of the service on the same + node as the pod, dropping the traffic if there are no + local endpoints. The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. @@ -2087,14 +2120,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.4.0' - helm.sh/chart: 'eck-operator-crds-2.4.0' + app.kubernetes.io/version: '2.9.0' + helm.sh/chart: 'eck-operator-crds-2.9.0' name: beats.beat.k8s.elastic.co spec: group: beat.k8s.elastic.co @@ -2213,8 +2245,7 @@ spec: by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions - during disruption. This is beta field and enabled/disabled - by DaemonSetUpdateSurge feature gate.' + during disruption.' x-kubernetes-int-or-string: true maxUnavailable: anyOf: @@ -2378,6 +2409,107 @@ spec: is used. type: string type: object + monitoring: + description: Monitoring enables you to collect and ship logs and metrics + for this Beat. Metricbeat and/or Filebeat sidecars are configured + and send monitoring data to an Elasticsearch monitoring cluster + running in the same Kubernetes cluster. + properties: + logs: + description: Logs holds references to Elasticsearch clusters which + receive log data from an associated resource. + properties: + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of + monitoring Elasticsearch clusters running in the same Kubernetes + cluster. Due to existing limitations, only a single Elasticsearch + cluster is currently supported. + items: + description: ObjectSelector defines a reference to a Kubernetes + object which can be an Elastic resource managed by the + operator or a Secret describing an external Elastic resource + not managed by the operator. + properties: + name: + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. + type: string + namespace: + description: Namespace of the Kubernetes object. If + empty, defaults to the current namespace. + type: string + secretName: + description: 'SecretName is the name of an existing + Kubernetes secret that contains connection information + for associating an Elastic resource not managed by + the operator. The referenced secret must contain the + following: - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated + to the Elastic resource - `password`: the password + of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the + other fields name, namespace or serviceName.' + type: string + serviceName: + description: ServiceName is the name of an existing + Kubernetes service which is used to make requests + to the referenced object. It has to be in the same + namespace as the referenced resource. If left empty, + the default HTTP service of the referenced resource + is used. + type: string + type: object + type: array + type: object + metrics: + description: Metrics holds references to Elasticsearch clusters + which receive monitoring data from this resource. + properties: + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of + monitoring Elasticsearch clusters running in the same Kubernetes + cluster. Due to existing limitations, only a single Elasticsearch + cluster is currently supported. + items: + description: ObjectSelector defines a reference to a Kubernetes + object which can be an Elastic resource managed by the + operator or a Secret describing an external Elastic resource + not managed by the operator. + properties: + name: + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. + type: string + namespace: + description: Namespace of the Kubernetes object. If + empty, defaults to the current namespace. + type: string + secretName: + description: 'SecretName is the name of an existing + Kubernetes secret that contains connection information + for associating an Elastic resource not managed by + the operator. The referenced secret must contain the + following: - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated + to the Elastic resource - `password`: the password + of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the + other fields name, namespace or serviceName.' + type: string + serviceName: + description: ServiceName is the name of an existing + Kubernetes service which is used to make requests + to the referenced object. It has to be in the same + namespace as the referenced resource. If left empty, + the default HTTP service of the referenced resource + is used. + type: string + type: object + type: array + type: object + type: object revisionHistoryLimit: description: RevisionHistoryLimit is the number of revisions to retain to allow rollback in the underlying DaemonSet or Deployment. @@ -2459,6 +2591,15 @@ spec: kibanaAssociationStatus: description: AssociationStatus is the status of an association resource. type: string + monitoringAssociationStatus: + additionalProperties: + description: AssociationStatus is the status of an association resource. + type: string + description: AssociationStatusMap is the map of association's namespaced + name string to its AssociationStatus. For resources that have a + single Association of a given type (for ex. single ES reference), + this map contains a single entry. + type: object observedGeneration: description: ObservedGeneration represents the .metadata.generation that the status is based upon. It corresponds to the metadata generation, @@ -2485,14 +2626,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.4.0' - helm.sh/chart: 'eck-operator-crds-2.4.0' + app.kubernetes.io/version: '2.9.0' + helm.sh/chart: 'eck-operator-crds-2.9.0' name: elasticmapsservers.maps.k8s.elastic.co spec: group: maps.k8s.elastic.co @@ -2711,14 +2851,24 @@ spec: to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. + description: externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of the + Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", + the proxy will configure the service in a way that assumes + that external load balancers will take care of balancing + the service traffic between nodes, and so each node + will deliver traffic only to the node-local endpoints + of the service, without masquerading the client source + IP. (Traffic mistakenly sent to a node with no endpoints + will be dropped.) The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer + IP from within the cluster will always get "Cluster" + semantics, but clients sending to a NodePort from within + the cluster may need to take traffic policy into account + when picking a node. type: string healthCheckNodePort: description: healthCheckNodePort specifies the healthcheck @@ -2732,17 +2882,19 @@ spec: not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need - it (e.g. changing type). + it (e.g. changing type). This field cannot be updated + once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". + description: InternalTrafficPolicy describes how nodes + distribute service traffic they receive on the ClusterIP. + If set to "Local", the proxy will assume that pods only + want to talk to endpoints of the service on the same + node as the pod, dropping the traffic if there are no + local endpoints. The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. @@ -3084,14 +3236,369 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.4.0' - helm.sh/chart: 'eck-operator-crds-2.4.0' + app.kubernetes.io/version: '2.9.0' + helm.sh/chart: 'eck-operator-crds-2.9.0' + name: elasticsearchautoscalers.autoscaling.k8s.elastic.co +spec: + group: autoscaling.k8s.elastic.co + names: + categories: + - elastic + kind: ElasticsearchAutoscaler + listKind: ElasticsearchAutoscalerList + plural: elasticsearchautoscalers + shortNames: + - esa + singular: elasticsearchautoscaler + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.elasticsearchRef.name + name: Target + type: string + - jsonPath: .status.conditions[?(@.type=='Active')].status + name: Active + type: string + - jsonPath: .status.conditions[?(@.type=='Healthy')].status + name: Healthy + type: string + - jsonPath: .status.conditions[?(@.type=='Limited')].status + name: Limited + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ElasticsearchAutoscaler represents an ElasticsearchAutoscaler + resource in a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ElasticsearchAutoscalerSpec holds the specification of an + Elasticsearch autoscaler resource. + properties: + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch cluster + that exists in the same namespace. + properties: + name: + description: Name is the name of the Elasticsearch resource to + scale automatically. + minLength: 1 + type: string + type: object + policies: + items: + description: AutoscalingPolicySpec holds a named autoscaling policy + and the associated resources limits (cpu, memory, storage). + properties: + deciders: + additionalProperties: + additionalProperties: + type: string + description: DeciderSettings allow the user to tweak autoscaling + deciders. The map data structure complies with the + format expected by Elasticsearch. + type: object + description: Deciders allow the user to override default settings + for autoscaling deciders. + type: object + name: + description: Name identifies the autoscaling policy in the autoscaling + specification. + type: string + resources: + description: AutoscalingResources model the limits, submitted + by the user, for the supported resources in an autoscaling + policy. Only the node count range is mandatory. For other + resources, a limit range is required only if the Elasticsearch + autoscaling capacity API returns a requirement for a given + resource. For example, the memory limit range is only required + if the autoscaling API response contains a memory requirement. + If there is no limit range for a resource, and if that resource + is not mandatory, then the resources in the NodeSets managed + by the autoscaling policy are left untouched. + properties: + cpu: + description: QuantityRange models a resource limit range + for resources which can be expressed with resource.Quantity. + properties: + max: + anyOf: + - type: integer + - type: string + description: Max represents the upper limit for the + resources managed by the autoscaler. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + min: + anyOf: + - type: integer + - type: string + description: Min represents the lower limit for the + resources managed by the autoscaler. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + requestsToLimitsRatio: + anyOf: + - type: integer + - type: string + description: RequestsToLimitsRatio allows to customize + Kubernetes resource Limit based on the Request. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - max + - min + type: object + memory: + description: QuantityRange models a resource limit range + for resources which can be expressed with resource.Quantity. + properties: + max: + anyOf: + - type: integer + - type: string + description: Max represents the upper limit for the + resources managed by the autoscaler. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + min: + anyOf: + - type: integer + - type: string + description: Min represents the lower limit for the + resources managed by the autoscaler. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + requestsToLimitsRatio: + anyOf: + - type: integer + - type: string + description: RequestsToLimitsRatio allows to customize + Kubernetes resource Limit based on the Request. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - max + - min + type: object + nodeCount: + description: NodeCountRange is used to model the minimum + and the maximum number of nodes over all the NodeSets + managed by the same autoscaling policy. + properties: + max: + description: Max represents the maximum number of nodes + in a tier. + format: int32 + type: integer + min: + description: Min represents the minimum number of nodes + in a tier. + format: int32 + type: integer + required: + - max + - min + type: object + storage: + description: QuantityRange models a resource limit range + for resources which can be expressed with resource.Quantity. + properties: + max: + anyOf: + - type: integer + - type: string + description: Max represents the upper limit for the + resources managed by the autoscaler. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + min: + anyOf: + - type: integer + - type: string + description: Min represents the lower limit for the + resources managed by the autoscaler. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + requestsToLimitsRatio: + anyOf: + - type: integer + - type: string + description: RequestsToLimitsRatio allows to customize + Kubernetes resource Limit based on the Request. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - max + - min + type: object + required: + - nodeCount + type: object + roles: + description: An autoscaling policy must target a unique set + of roles. + items: + type: string + type: array + required: + - resources + type: object + type: array + pollingPeriod: + description: PollingPeriod is the period at which to synchronize with + the Elasticsearch autoscaling API. + type: string + required: + - policies + type: object + status: + properties: + conditions: + description: Conditions holds the current service state of the autoscaling + controller. + items: + description: Condition represents Elasticsearch resource's condition. + **This API is in technical preview and may be changed or removed + in a future release.** + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + status: + type: string + type: + description: ConditionType defines the condition of an Elasticsearch + resource. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation by + the controller. + format: int64 + type: integer + policies: + description: AutoscalingPolicyStatuses is used to expose state messages + to user or external system. + items: + properties: + lastModificationTime: + description: LastModificationTime is the last time the resources + have been updated, used by the cooldown algorithm. + format: date-time + type: string + name: + description: Name is the name of the autoscaling policy + type: string + nodeSets: + description: NodeSetNodeCount holds the number of nodes for + each nodeSet. + items: + description: NodeSetNodeCount models the number of nodes expected + in a given NodeSet. + properties: + name: + description: Name of the Nodeset. + type: string + nodeCount: + description: NodeCount is the number of nodes, as computed + by the autoscaler, expected in this NodeSet. + format: int32 + type: integer + required: + - name + - nodeCount + type: object + type: array + resources: + description: ResourcesSpecification holds the resource values + common to all the nodeSets managed by a same autoscaling policy. + Only the resources managed by the autoscaling controller are + saved in the Status. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: ResourceList is a set of (resource name, quantity) + pairs. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: ResourceList is a set of (resource name, quantity) + pairs. + type: object + type: object + state: + description: PolicyStates may contain various messages regarding + the current state of this autoscaling policy. + items: + properties: + messages: + items: + type: string + type: array + type: + type: string + required: + - messages + - type + type: object + type: array + required: + - name + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +# Source: eck-operator-crds/templates/all-crds.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.4 + labels: + app.kubernetes.io/instance: 'logging' + app.kubernetes.io/managed-by: 'Helm' + app.kubernetes.io/name: 'eck-operator-crds' + app.kubernetes.io/version: '2.9.0' + helm.sh/chart: 'eck-operator-crds-2.9.0' name: elasticsearches.elasticsearch.k8s.elastic.co spec: group: elasticsearch.k8s.elastic.co @@ -3288,14 +3795,24 @@ spec: to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. + description: externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of the + Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", + the proxy will configure the service in a way that assumes + that external load balancers will take care of balancing + the service traffic between nodes, and so each node + will deliver traffic only to the node-local endpoints + of the service, without masquerading the client source + IP. (Traffic mistakenly sent to a node with no endpoints + will be dropped.) The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer + IP from within the cluster will always get "Cluster" + semantics, but clients sending to a NodePort from within + the cluster may need to take traffic policy into account + when picking a node. type: string healthCheckNodePort: description: healthCheckNodePort specifies the healthcheck @@ -3309,17 +3826,19 @@ spec: not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need - it (e.g. changing type). + it (e.g. changing type). This field cannot be updated + once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". + description: InternalTrafficPolicy describes how nodes + distribute service traffic they receive on the ClusterIP. + If set to "Local", the proxy will assume that pods only + want to talk to endpoints of the service on the same + node as the pod, dropping the traffic if there are no + local endpoints. The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. @@ -3596,7 +4115,7 @@ spec: properties: logs: description: Logs holds references to Elasticsearch clusters which - receive log data from this Elasticsearch cluster. + receive log data from an associated resource. properties: elasticsearchRefs: description: ElasticsearchRefs is a reference to a list of @@ -3643,7 +4162,7 @@ spec: type: object metrics: description: Metrics holds references to Elasticsearch clusters - which receive monitoring data from this Elasticsearch cluster. + which receive monitoring data from this resource. properties: elasticsearchRefs: description: ElasticsearchRefs is a reference to a list of @@ -3779,9 +4298,12 @@ spec: provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data - source. If the AnyVolumeDataSource feature gate - is enabled, this field will always have the same - contents as the DataSourceRef field.' + source. When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be copied to + dataSourceRef, and dataSourceRef contents will be + copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource @@ -3806,27 +4328,33 @@ spec: dataSourceRef: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any local object - from a non-empty API group (non core object) or - a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed if - the type of the specified object matches some installed - volume populator or dynamic provisioner. This field - will replace the functionality of the DataSource - field and as such if both fields are non-empty, - they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) will - be set to the same value automatically if one of - them is empty and the other is non-empty. There - are two important differences between DataSource - and DataSourceRef: * While DataSource only allows - two specific types of objects, DataSourceRef allows + volume is desired. This may be any object from a + non-empty API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both fields + are non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one + of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. + There are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed values - (dropping them), DataSourceRef preserves all values, + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is - specified. (Beta) Using this field requires the - AnyVolumeDataSource feature gate to be enabled.' + specified. * While dataSource only allows local + objects, dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -3843,11 +4371,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept the + reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -3856,6 +4394,30 @@ spec: value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It + can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -3877,8 +4439,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -3994,7 +4556,7 @@ spec: volume is being resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contails + description: PersistentVolumeClaimCondition contains details about state of pvc properties: lastProbeTime: @@ -4150,6 +4712,31 @@ spec: type: object type: object x-kubernetes-map-type: atomic + unhealthyPodEvictionPolicy: + description: "UnhealthyPodEvictionPolicy defines the criteria + for when unhealthy pods should be considered for eviction. + Current implementation considers healthy pods, as pods that + have status.conditions item with type=\"Ready\",status=\"True\". + \n Valid policies are IfHealthyBudget and AlwaysAllow. If + no policy is specified, the default behavior will be used, + which corresponds to the IfHealthyBudget policy. \n IfHealthyBudget + policy means that running pods (status.phase=\"Running\"), + but not yet healthy can be evicted only if the guarded application + is not disrupted (status.currentHealthy is at least equal + to status.desiredHealthy). Healthy pods will be subject + to the PDB for eviction. \n AlwaysAllow policy means that + all running pods (status.phase=\"Running\"), but not yet + healthy are considered disrupted and can be evicted regardless + of whether the criteria in a PDB is met. This means perspective + running pods of a disrupted application might not get a + chance to become healthy. Healthy pods will be subject to + the PDB for eviction. \n Additional policies may be added + in the future. Clients making eviction decisions should + disallow eviction of unhealthy pods if they encounter an + unrecognized policy in this field. \n This field is beta-level. + The eviction API uses this field when the feature gate PDBUnhealthyPodEvictionPolicy + is enabled (enabled by default)." + type: string type: object type: object remoteClusters: @@ -4351,14 +4938,24 @@ spec: to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. + description: externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of the + Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", + the proxy will configure the service in a way that assumes + that external load balancers will take care of balancing + the service traffic between nodes, and so each node + will deliver traffic only to the node-local endpoints + of the service, without masquerading the client source + IP. (Traffic mistakenly sent to a node with no endpoints + will be dropped.) The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer + IP from within the cluster will always get "Cluster" + semantics, but clients sending to a NodePort from within + the cluster may need to take traffic policy into account + when picking a node. type: string healthCheckNodePort: description: healthCheckNodePort specifies the healthcheck @@ -4372,17 +4969,19 @@ spec: not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need - it (e.g. changing type). + it (e.g. changing type). This field cannot be updated + once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". + description: InternalTrafficPolicy describes how nodes + distribute service traffic they receive on the ClusterIP. + If set to "Local", the proxy will assume that pods only + want to talk to endpoints of the service on the same + node as the pod, dropping the traffic if there are no + local endpoints. The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. @@ -4622,6 +5221,15 @@ spec: description: SecretName is the name of the secret. type: string type: object + certificateAuthorities: + description: CertificateAuthorities is a reference to a config + map that contains one or more x509 certificates for trusted + authorities in PEM format. The certificates need to be in + a file called `ca.crt`. + properties: + configMapName: + type: string + type: object otherNameSuffix: description: 'OtherNameSuffix when defined will be prefixed with the Pod name and used as the common name, and the first @@ -5041,14 +5649,24 @@ spec: to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. + description: externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of the + Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", + the proxy will configure the service in a way that assumes + that external load balancers will take care of balancing + the service traffic between nodes, and so each node + will deliver traffic only to the node-local endpoints + of the service, without masquerading the client source + IP. (Traffic mistakenly sent to a node with no endpoints + will be dropped.) The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer + IP from within the cluster will always get "Cluster" + semantics, but clients sending to a NodePort from within + the cluster may need to take traffic policy into account + when picking a node. type: string healthCheckNodePort: description: healthCheckNodePort specifies the healthcheck @@ -5062,17 +5680,19 @@ spec: not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need - it (e.g. changing type). + it (e.g. changing type). This field cannot be updated + once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". + description: InternalTrafficPolicy describes how nodes + distribute service traffic they receive on the ClusterIP. + If set to "Local", the proxy will assume that pods only + want to talk to endpoints of the service on the same + node as the pod, dropping the traffic if there are no + local endpoints. The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. @@ -5427,9 +6047,12 @@ spec: provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data - source. If the AnyVolumeDataSource feature gate - is enabled, this field will always have the same - contents as the DataSourceRef field.' + source. When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be copied to + dataSourceRef, and dataSourceRef contents will be + copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource @@ -5454,27 +6077,33 @@ spec: dataSourceRef: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any local object - from a non-empty API group (non core object) or - a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed if - the type of the specified object matches some installed - volume populator or dynamic provisioner. This field - will replace the functionality of the DataSource - field and as such if both fields are non-empty, - they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) will - be set to the same value automatically if one of - them is empty and the other is non-empty. There - are two important differences between DataSource - and DataSourceRef: * While DataSource only allows - two specific types of objects, DataSourceRef allows + volume is desired. This may be any object from a + non-empty API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both fields + are non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one + of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. + There are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed values - (dropping them), DataSourceRef preserves all values, + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is - specified. (Beta) Using this field requires the - AnyVolumeDataSource feature gate to be enabled.' + specified. * While dataSource only allows local + objects, dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -5491,11 +6120,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept the + reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -5504,6 +6143,30 @@ spec: value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It + can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -5525,8 +6188,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -5642,7 +6305,7 @@ spec: volume is being resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contails + description: PersistentVolumeClaimCondition contains details about state of pvc properties: lastProbeTime: @@ -5800,6 +6463,31 @@ spec: type: object type: object x-kubernetes-map-type: atomic + unhealthyPodEvictionPolicy: + description: "UnhealthyPodEvictionPolicy defines the criteria + for when unhealthy pods should be considered for eviction. + Current implementation considers healthy pods, as pods that + have status.conditions item with type=\"Ready\",status=\"True\". + \n Valid policies are IfHealthyBudget and AlwaysAllow. If + no policy is specified, the default behavior will be used, + which corresponds to the IfHealthyBudget policy. \n IfHealthyBudget + policy means that running pods (status.phase=\"Running\"), + but not yet healthy can be evicted only if the guarded application + is not disrupted (status.currentHealthy is at least equal + to status.desiredHealthy). Healthy pods will be subject + to the PDB for eviction. \n AlwaysAllow policy means that + all running pods (status.phase=\"Running\"), but not yet + healthy are considered disrupted and can be evicted regardless + of whether the criteria in a PDB is met. This means perspective + running pods of a disrupted application might not get a + chance to become healthy. Healthy pods will be subject to + the PDB for eviction. \n Additional policies may be added + in the future. Clients making eviction decisions should + disallow eviction of unhealthy pods if they encounter an + unrecognized policy in this field. \n This field is beta-level. + The eviction API uses this field when the feature gate PDBUnhealthyPodEvictionPolicy + is enabled (enabled by default)." + type: string type: object type: object secureSettings: @@ -5904,14 +6592,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.4.0' - helm.sh/chart: 'eck-operator-crds-2.4.0' + app.kubernetes.io/version: '2.9.0' + helm.sh/chart: 'eck-operator-crds-2.9.0' name: enterprisesearches.enterprisesearch.k8s.elastic.co spec: group: enterprisesearch.k8s.elastic.co @@ -6129,14 +6816,24 @@ spec: to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. + description: externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of the + Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", + the proxy will configure the service in a way that assumes + that external load balancers will take care of balancing + the service traffic between nodes, and so each node + will deliver traffic only to the node-local endpoints + of the service, without masquerading the client source + IP. (Traffic mistakenly sent to a node with no endpoints + will be dropped.) The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer + IP from within the cluster will always get "Cluster" + semantics, but clients sending to a NodePort from within + the cluster may need to take traffic policy into account + when picking a node. type: string healthCheckNodePort: description: healthCheckNodePort specifies the healthcheck @@ -6150,17 +6847,19 @@ spec: not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need - it (e.g. changing type). + it (e.g. changing type). This field cannot be updated + once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". + description: InternalTrafficPolicy describes how nodes + distribute service traffic they receive on the ClusterIP. + If set to "Local", the proxy will assume that pods only + want to talk to endpoints of the service on the same + node as the pod, dropping the traffic if there are no + local endpoints. The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. @@ -6702,14 +7401,24 @@ spec: to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. + description: externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of the + Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", + the proxy will configure the service in a way that assumes + that external load balancers will take care of balancing + the service traffic between nodes, and so each node + will deliver traffic only to the node-local endpoints + of the service, without masquerading the client source + IP. (Traffic mistakenly sent to a node with no endpoints + will be dropped.) The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer + IP from within the cluster will always get "Cluster" + semantics, but clients sending to a NodePort from within + the cluster may need to take traffic policy into account + when picking a node. type: string healthCheckNodePort: description: healthCheckNodePort specifies the healthcheck @@ -6723,17 +7432,19 @@ spec: not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need - it (e.g. changing type). + it (e.g. changing type). This field cannot be updated + once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". + description: InternalTrafficPolicy describes how nodes + distribute service traffic they receive on the ClusterIP. + If set to "Local", the proxy will assume that pods only + want to talk to endpoints of the service on the same + node as the pod, dropping the traffic if there are no + local endpoints. The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. @@ -7060,14 +7771,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.4.0' - helm.sh/chart: 'eck-operator-crds-2.4.0' + app.kubernetes.io/version: '2.9.0' + helm.sh/chart: 'eck-operator-crds-2.9.0' name: kibanas.kibana.k8s.elastic.co spec: group: kibana.k8s.elastic.co @@ -7305,14 +8015,24 @@ spec: to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. + description: externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of the + Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", + the proxy will configure the service in a way that assumes + that external load balancers will take care of balancing + the service traffic between nodes, and so each node + will deliver traffic only to the node-local endpoints + of the service, without masquerading the client source + IP. (Traffic mistakenly sent to a node with no endpoints + will be dropped.) The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer + IP from within the cluster will always get "Cluster" + semantics, but clients sending to a NodePort from within + the cluster may need to take traffic policy into account + when picking a node. type: string healthCheckNodePort: description: healthCheckNodePort specifies the healthcheck @@ -7326,17 +8046,19 @@ spec: not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need - it (e.g. changing type). + it (e.g. changing type). This field cannot be updated + once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". + description: InternalTrafficPolicy describes how nodes + distribute service traffic they receive on the ClusterIP. + If set to "Local", the proxy will assume that pods only + want to talk to endpoints of the service on the same + node as the pod, dropping the traffic if there are no + local endpoints. The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. @@ -7613,7 +8335,7 @@ spec: properties: logs: description: Logs holds references to Elasticsearch clusters which - will receive log data from this Kibana. + receive log data from an associated resource. properties: elasticsearchRefs: description: ElasticsearchRefs is a reference to a list of @@ -7660,7 +8382,7 @@ spec: type: object metrics: description: Metrics holds references to Elasticsearch clusters - which will receive monitoring data from this Kibana. + which receive monitoring data from this resource. properties: elasticsearchRefs: description: ElasticsearchRefs is a reference to a list of @@ -7998,14 +8720,24 @@ spec: to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. + description: externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of the + Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", + the proxy will configure the service in a way that assumes + that external load balancers will take care of balancing + the service traffic between nodes, and so each node + will deliver traffic only to the node-local endpoints + of the service, without masquerading the client source + IP. (Traffic mistakenly sent to a node with no endpoints + will be dropped.) The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer + IP from within the cluster will always get "Cluster" + semantics, but clients sending to a NodePort from within + the cluster may need to take traffic policy into account + when picking a node. type: string healthCheckNodePort: description: healthCheckNodePort specifies the healthcheck @@ -8019,17 +8751,19 @@ spec: not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need - it (e.g. changing type). + it (e.g. changing type). This field cannot be updated + once set. format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". + description: InternalTrafficPolicy describes how nodes + distribute service traffic they receive on the ClusterIP. + If set to "Local", the proxy will assume that pods only + want to talk to endpoints of the service on the same + node as the pod, dropping the traffic if there are no + local endpoints. The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). type: string ipFamilies: description: "IPFamilies is a list of IP families (e.g. @@ -8368,3 +9102,1392 @@ spec: type: object served: false storage: false +--- +# Source: eck-operator-crds/templates/all-crds.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.4 + labels: + app.kubernetes.io/instance: 'logging' + app.kubernetes.io/managed-by: 'Helm' + app.kubernetes.io/name: 'eck-operator-crds' + app.kubernetes.io/version: '2.9.0' + helm.sh/chart: 'eck-operator-crds-2.9.0' + name: logstashes.logstash.k8s.elastic.co +spec: + group: logstash.k8s.elastic.co + names: + categories: + - elastic + kind: Logstash + listKind: LogstashList + plural: logstashes + shortNames: + - ls + singular: logstash + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Available nodes + jsonPath: .status.availableNodes + name: available + type: integer + - description: Expected nodes + jsonPath: .status.expectedNodes + name: expected + type: integer + - jsonPath: .metadata.creationTimestamp + name: age + type: date + - description: Logstash version + jsonPath: .status.version + name: version + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Logstash is the Schema for the logstashes API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: LogstashSpec defines the desired state of Logstash + properties: + config: + description: Config holds the Logstash configuration. At most one + of [`Config`, `ConfigRef`] can be specified. + type: object + x-kubernetes-preserve-unknown-fields: true + configRef: + description: ConfigRef contains a reference to an existing Kubernetes + Secret holding the Logstash configuration. Logstash settings must + be specified as yaml, under a single "logstash.yml" entry. At most + one of [`Config`, `ConfigRef`] can be specified. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + count: + format: int32 + type: integer + elasticsearchRefs: + description: ElasticsearchRefs are references to Elasticsearch clusters + running in the same Kubernetes cluster. + items: + description: ElasticsearchCluster is a named reference to an Elasticsearch + cluster which can be used in a Logstash pipeline. + properties: + clusterName: + description: ClusterName is an alias for the cluster to be used + to refer to the Elasticsearch cluster in Logstash configuration + files, and will be used to identify "named clusters" in Logstash + minLength: 1 + type: string + name: + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + secretName: + description: 'SecretName is the name of an existing Kubernetes + secret that contains connection information for associating + an Elastic resource not managed by the operator. The referenced + secret must contain the following: - `url`: the URL to reach + the Elastic resource - `username`: the username of the user + to be authenticated to the Elastic resource - `password`: + the password of the user to be authenticated to the Elastic + resource - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the other fields + name, namespace or serviceName.' + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced + resource is used. + type: string + type: object + type: array + image: + description: Image is the Logstash Docker image to deploy. Version + and Type have to match the Logstash in the image. + type: string + monitoring: + description: Monitoring enables you to collect and ship log and monitoring + data of this Logstash. Metricbeat and Filebeat are deployed in the + same Pod as sidecars and each one sends data to one or two different + Elasticsearch monitoring clusters running in the same Kubernetes + cluster. + properties: + logs: + description: Logs holds references to Elasticsearch clusters which + receive log data from an associated resource. + properties: + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of + monitoring Elasticsearch clusters running in the same Kubernetes + cluster. Due to existing limitations, only a single Elasticsearch + cluster is currently supported. + items: + description: ObjectSelector defines a reference to a Kubernetes + object which can be an Elastic resource managed by the + operator or a Secret describing an external Elastic resource + not managed by the operator. + properties: + name: + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. + type: string + namespace: + description: Namespace of the Kubernetes object. If + empty, defaults to the current namespace. + type: string + secretName: + description: 'SecretName is the name of an existing + Kubernetes secret that contains connection information + for associating an Elastic resource not managed by + the operator. The referenced secret must contain the + following: - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated + to the Elastic resource - `password`: the password + of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the + other fields name, namespace or serviceName.' + type: string + serviceName: + description: ServiceName is the name of an existing + Kubernetes service which is used to make requests + to the referenced object. It has to be in the same + namespace as the referenced resource. If left empty, + the default HTTP service of the referenced resource + is used. + type: string + type: object + type: array + type: object + metrics: + description: Metrics holds references to Elasticsearch clusters + which receive monitoring data from this resource. + properties: + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of + monitoring Elasticsearch clusters running in the same Kubernetes + cluster. Due to existing limitations, only a single Elasticsearch + cluster is currently supported. + items: + description: ObjectSelector defines a reference to a Kubernetes + object which can be an Elastic resource managed by the + operator or a Secret describing an external Elastic resource + not managed by the operator. + properties: + name: + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. + type: string + namespace: + description: Namespace of the Kubernetes object. If + empty, defaults to the current namespace. + type: string + secretName: + description: 'SecretName is the name of an existing + Kubernetes secret that contains connection information + for associating an Elastic resource not managed by + the operator. The referenced secret must contain the + following: - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated + to the Elastic resource - `password`: the password + of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the + other fields name, namespace or serviceName.' + type: string + serviceName: + description: ServiceName is the name of an existing + Kubernetes service which is used to make requests + to the referenced object. It has to be in the same + namespace as the referenced resource. If left empty, + the default HTTP service of the referenced resource + is used. + type: string + type: object + type: array + type: object + type: object + pipelines: + description: Pipelines holds the Logstash Pipelines. At most one of + [`Pipelines`, `PipelinesRef`] can be specified. + items: + type: object + type: array + x-kubernetes-preserve-unknown-fields: true + pipelinesRef: + description: PipelinesRef contains a reference to an existing Kubernetes + Secret holding the Logstash Pipelines. Logstash pipelines must be + specified as yaml, under a single "pipelines.yml" entry. At most + one of [`Pipelines`, `PipelinesRef`] can be specified. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + podTemplate: + description: PodTemplate provides customisation options for the Logstash + pods. + type: object + x-kubernetes-preserve-unknown-fields: true + revisionHistoryLimit: + description: RevisionHistoryLimit is the number of revisions to retain + to allow rollback in the underlying StatefulSet. + format: int32 + type: integer + secureSettings: + description: SecureSettings is a list of references to Kubernetes + Secrets containing sensitive configuration options for the Logstash. + Secrets data can be then referenced in the Logstash config using + the Secret's keys or as specified in `Entries` field of each SecureSetting. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. + properties: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the + key to. Path must not be an absolute file path and must + not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to Elasticsearch resource in a different namespace. Can + only be used if ECK is enforcing RBAC on references. + type: string + services: + description: 'Services contains details of services that Logstash + should expose - similar to the HTTP layer configuration for the + rest of the stack, but also applicable for more use cases than the + metrics API, as logstash may need to be opened up for other services: + Beats, TCP, UDP, etc, inputs.' + items: + properties: + name: + type: string + service: + description: Service defines the template for the associated + Kubernetes Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. + The name and namespace provided here are managed by ECK + and will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may + be set to "false" if the cluster load-balancer does + not rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests + will be respected, regardless of this field. This + field may only be set for services with type LoadBalancer + and will be cleared if the type is changed to any + other type. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is + specified manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This + field may not be changed through updates unless the + type field is also being changed to ExternalName (which + requires this field to be blank) or the type field + is being changed from ExternalName (in which case + this field may optionally be specified, as describe + above). Valid values are "None", empty string (""), + or a valid IP address. Setting this to "None" makes + a "headless service" (no virtual IP), which is useful + when direct endpoint connections are preferred and + proxying is not required. Only applies to types ClusterIP, + NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation + will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range + (as per system configuration), and is not in use, + it will be allocated to the service; otherwise creation + of the service will fail. This field may not be changed + through updates unless the type field is also being + changed to ExternalName (which requires this field + to be empty) or the type field is being changed from + ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + \"None\", empty string (\"\"), or a valid IP address. + \ Setting this to \"None\" makes a \"headless service\" + (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. + \ Only applies to types ClusterIP, NodePort, and LoadBalancer. + If this field is specified when creating a Service + of type ExternalName, creation will fail. This field + will be wiped when updating a Service to type ExternalName. + \ If this field is not specified, it will be initialized + from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP + have the same value. \n This field may hold a maximum + of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies + field. Both clusterIPs and ipFamilies are governed + by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes + system. + items: + type: string + type: array + externalName: + description: externalName is the external reference + that discovery mechanisms will return as an alias + for this service (e.g. a DNS CNAME record). No proxying + will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires + `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of + the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", + the proxy will configure the service in a way that + assumes that external load balancers will take care + of balancing the service traffic between nodes, and + so each node will deliver traffic only to the node-local + endpoints of the service, without masquerading the + client source IP. (Traffic mistakenly sent to a node + with no endpoints will be dropped.) The default value, + "Cluster", uses the standard behavior of routing to + all endpoints evenly (possibly modified by topology + and other features). Note that traffic sent to an + External IP or LoadBalancer IP from within the cluster + will always get "Cluster" semantics, but clients sending + to a NodePort from within the cluster may need to + take traffic policy into account when picking a node. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External + systems (e.g. load-balancers) can use this port to + determine if a given node holds endpoints for this + service or not. If this field is specified when creating + a Service which does not need it, creation will fail. + This field will be wiped when updating a Service to + no longer need it (e.g. changing type). This field + cannot be updated once set. + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy describes how nodes + distribute service traffic they receive on the ClusterIP. + If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the + same node as the pod, dropping the traffic if there + are no local endpoints. The default value, "Cluster", + uses the standard behavior of routing to all endpoints + evenly (possibly modified by topology and other features). + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the + cluster, and ipFamilyPolicy allows it, it will be + used; otherwise creation of the service will fail. + This field is conditionally mutable: it allows for + adding or removing a secondary IP family, but it does + not allow changing the primary IP family of the Service. + Valid values are \"IPv4\" and \"IPv6\". This field + only applies to Services of types ClusterIP, NodePort, + and LoadBalancer, and does apply to \"headless\" services. + This field will be wiped when updating a Service to + type ExternalName. \n This field may hold a maximum + of two entries (dual-stack families, in either order). + \ These families must correspond to the values of + the clusterIPs field, if specified. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is + no value provided, then this field will be set to + SingleStack. Services can be "SingleStack" (a single + IP family), "PreferDualStack" (two IP families on + dual-stack configured clusters or a single IP family + on single-stack clusters), or "RequireDualStack" (two + IP families on dual-stack configured clusters, otherwise + fail). The ipFamilies and clusterIPs fields depend + on the value of this field. This field will be wiped + when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set + when the Service type is 'LoadBalancer'. If not set, + the default load balancer implementation is used, + today this is typically done through the cloud provider + integration, but should apply for any default implementation. + If set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated + to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load + balancer is created. This field will be ignored if + the cloud-provider does not support the feature. Deprecated: + This field was under-specified and its meaning varies + across implementations, and it cannot support dual-stack. + As of Kubernetes v1.24, users are encouraged to use + implementation-specific annotations when available. + This field may be removed in a future API version.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified + client IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by + this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and https://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or + LoadBalancer. Usually assigned by the system. + If a value is specified, in-range, and not in + use it will be used, otherwise the operation + will fail. If not specified, a port will be + allocated if this Service requires one. If + this field is specified when creating a Service + which does not need it, creation will fail. + This field will be wiped when updating a Service + to no longer need it (e.g. changing type from + NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that + any agent which deals with endpoints for this Service + should disregard any indications of ready/not-ready. + The primary use case for setting this field is for + a StatefulSet's Headless Service to propagate SRV + DNS records for its Pods for the purpose of peer discovery. + The Kubernetes controllers that generate Endpoints + and EndpointSlice resources for Services interpret + this to mean that all endpoints are considered "ready" + even if the Pods themselves are not. Agents which + consume only Kubernetes generated endpoints through + the Endpoints or EndpointSlice resources can safely + assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based + session affinity. Must be ClientIP or None. Defaults + to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The + value must be >0 && <=86400(for 1 day) if + ServiceAffinity == "ClientIP". Default value + is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" + allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints + rather than a virtual IP. "NodePort" builds on ClusterIP + and allocates a port on every node which routes to + the same endpoints as the clusterIP. "LoadBalancer" + builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to + the same endpoints as the clusterIP. "ExternalName" + aliases this service to the specified externalName. + Several other fields do not apply to ExternalName + services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes + secret that contains the certificate and private key for + enabling TLS. The referenced secret should contain the + following: \n - `ca.crt`: The certificate authority (optional). + - `tls.crt`: The certificate (or a chain). - `tls.key`: + The private key to the first certificate in the certificate + chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + type: array + version: + description: Version of the Logstash. + type: string + volumeClaimTemplates: + description: VolumeClaimTemplates is a list of persistent volume claims + to be used by each Pod. Every claim in this list must have a matching + volumeMount in one of the containers defined in the PodTemplate. + Items defined here take precedence over any default claims added + by the operator with the same name. + items: + description: PersistentVolumeClaim is a user's request for and claim + to a persistent volume + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: 'spec defines the desired characteristics of a + volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified data + source, it will create a new volume based on the contents + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will be copied + to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will + not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from which + to populate the volume with data, if a non-empty volume + is desired. This may be any object from a non-empty API + group (non core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only + succeed if the type of the specified object matches some + installed volume populator or dynamic provisioner. This + field will replace the functionality of the dataSource + field and as such if both fields are non-empty, they must + have the same value. For backwards compatibility, when + namespace isn''t specified in dataSourceRef, both fields + (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other + is non-empty. When namespace is specified in dataSourceRef, + dataSource isn''t set to the same value and must be empty. + There are three important differences between dataSource + and dataSourceRef: * While dataSource only allows two + specific types of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. * While + dataSource ignores disallowed values (dropping them), + dataSourceRef preserves all values, and generates an error + if a disallowed value is specified. * While dataSource + only allows local objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this field requires the + AnyVolumeDataSource feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant object + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the + ReferenceGrant documentation for details. (Alpha) + This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify resource + requirements that are lower than previous value but must + still be higher than capacity recorded in the status field + of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where + this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: allocatedResources is the storage resource + within AllocatedResources tracks the capacity allocated + to a PVC. It may be larger than the actual capacity when + a volume expansion operation is requested. For storage + quota, the larger value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume expansion + capacity request is lowered, allocatedResources is only + lowered if there are no expansion operations in progress + and if the actual volume capacity is equal or lower than + the requested capacity. This is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature. + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources of + the underlying volume. + type: object + conditions: + description: conditions is the current Condition of persistent + volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contains details + about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed the + condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: reason is a unique, this should be a + short, machine understandable string that gives + the reason for condition's last transition. If it + reports "ResizeStarted" that means the underlying + persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + resizeStatus: + description: resizeStatus stores status of resize operation. + ResizeStatus is not set by default but when expansion + is complete resizeStatus is set to empty string by resize + controller or kubelet. This is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature. + type: string + type: object + type: object + type: array + required: + - version + type: object + status: + description: LogstashStatus defines the observed state of Logstash + properties: + availableNodes: + format: int32 + type: integer + elasticsearchAssociationsStatus: + additionalProperties: + description: AssociationStatus is the status of an association resource. + type: string + description: ElasticsearchAssociationStatus is the status of any auto-linking + to Elasticsearch clusters. + type: object + expectedNodes: + format: int32 + type: integer + monitoringAssociationStatus: + additionalProperties: + description: AssociationStatus is the status of an association resource. + type: string + description: MonitoringAssociationStatus is the status of any auto-linking + to monitoring Elasticsearch clusters. + type: object + observedGeneration: + description: ObservedGeneration is the most recent generation observed + for this Logstash instance. It corresponds to the metadata generation, + which is updated on mutation by the API Server. If the generation + observed in status diverges from the generation in metadata, the + Logstash controller has not yet processed the changes contained + in the Logstash specification. + format: int64 + type: integer + selector: + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + required: + - selector + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.count + statusReplicasPath: .status.expectedNodes + status: {} +--- +# Source: eck-operator-crds/templates/all-crds.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.4 + labels: + app.kubernetes.io/instance: 'logging' + app.kubernetes.io/managed-by: 'Helm' + app.kubernetes.io/name: 'eck-operator-crds' + app.kubernetes.io/version: '2.9.0' + helm.sh/chart: 'eck-operator-crds-2.9.0' + name: stackconfigpolicies.stackconfigpolicy.k8s.elastic.co +spec: + group: stackconfigpolicy.k8s.elastic.co + names: + categories: + - elastic + kind: StackConfigPolicy + listKind: StackConfigPolicyList + plural: stackconfigpolicies + shortNames: + - scp + singular: stackconfigpolicy + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Resources configured + jsonPath: .status.readyCount + name: Ready + type: string + - jsonPath: .status.phase + name: Phase + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: StackConfigPolicy represents a StackConfigPolicy resource in + a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + elasticsearch: + properties: + clusterSettings: + description: ClusterSettings holds the Elasticsearch cluster settings + (/_cluster/settings) + type: object + x-kubernetes-preserve-unknown-fields: true + indexLifecyclePolicies: + description: IndexLifecyclePolicies holds the Index Lifecycle + policies settings (/_ilm/policy) + type: object + x-kubernetes-preserve-unknown-fields: true + indexTemplates: + description: IndexTemplates holds the Index and Component Templates + settings + properties: + componentTemplates: + description: ComponentTemplates holds the Component Templates + settings (/_component_template) + type: object + x-kubernetes-preserve-unknown-fields: true + composableIndexTemplates: + description: ComposableIndexTemplates holds the Index Templates + settings (/_index_template) + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + x-kubernetes-preserve-unknown-fields: true + ingestPipelines: + description: IngestPipelines holds the Ingest Pipelines settings + (/_ingest/pipeline) + type: object + x-kubernetes-preserve-unknown-fields: true + securityRoleMappings: + description: SecurityRoleMappings holds the Role Mappings settings + (/_security/role_mapping) + type: object + x-kubernetes-preserve-unknown-fields: true + snapshotLifecyclePolicies: + description: SnapshotLifecyclePolicies holds the Snapshot Lifecycle + Policies settings (/_slm/policy) + type: object + x-kubernetes-preserve-unknown-fields: true + snapshotRepositories: + description: SnapshotRepositories holds the Snapshot Repositories + settings (/_snapshot) + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + resourceSelector: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + secureSettings: + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. + properties: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the + key to. Path must not be an absolute file path and must + not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + type: object + status: + properties: + errors: + description: Errors is the number of resources which have an incorrect + configuration + type: integer + observedGeneration: + description: ObservedGeneration is the most recent generation observed + for this StackConfigPolicy. + format: int64 + type: integer + phase: + description: Phase is the phase of the StackConfigPolicy. + type: string + ready: + description: Ready is the number of resources successfully configured. + type: integer + readyCount: + description: ReadyCount is a human representation of the number of + resources successfully configured. + type: string + resources: + description: Resources is the number of resources to be configured. + type: integer + resourcesStatuses: + additionalProperties: + description: ResourcePolicyStatus models the status of the policy + for one resource to be configured. + properties: + currentVersion: + format: int64 + type: integer + error: + properties: + message: + type: string + version: + format: int64 + type: integer + type: object + expectedVersion: + format: int64 + type: integer + phase: + type: string + type: object + description: ResourcesStatuses holds the status for each resource + to be configured. + type: object + required: + - resourcesStatuses + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kubezero-logging/charts/eck-operator/templates/_helpers.tpl b/charts/kubezero-logging/charts/eck-operator/templates/_helpers.tpl index 69e8ec7..8c421f7 100644 --- a/charts/kubezero-logging/charts/eck-operator/templates/_helpers.tpl +++ b/charts/kubezero-logging/charts/eck-operator/templates/_helpers.tpl @@ -206,6 +206,19 @@ updating docs/operating-eck/eck-permissions.asciidoc file. - create - update - patch +- apiGroups: + - autoscaling.k8s.elastic.co + resources: + - elasticsearchautoscalers + - elasticsearchautoscalers/status + - elasticsearchautoscalers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP + verbs: + - get + - list + - watch + - create + - update + - patch - apiGroups: - kibana.k8s.elastic.co resources: @@ -284,6 +297,32 @@ updating docs/operating-eck/eck-permissions.asciidoc file. - create - update - patch +- apiGroups: + - stackconfigpolicy.k8s.elastic.co + resources: + - stackconfigpolicies + - stackconfigpolicies/status + - stackconfigpolicies/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP + verbs: + - get + - list + - watch + - create + - update + - patch +- apiGroups: + - logstash.k8s.elastic.co + resources: + - logstashes + - logstashes/status + - logstashes/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP + verbs: + - get + - list + - watch + - create + - update + - patch {{- end -}} {{/* diff --git a/charts/kubezero-logging/charts/eck-operator/templates/cluster-roles.yaml b/charts/kubezero-logging/charts/eck-operator/templates/cluster-roles.yaml index 3c142b1..1b623f3 100644 --- a/charts/kubezero-logging/charts/eck-operator/templates/cluster-roles.yaml +++ b/charts/kubezero-logging/charts/eck-operator/templates/cluster-roles.yaml @@ -26,6 +26,9 @@ rules: - apiGroups: ["elasticsearch.k8s.elastic.co"] resources: ["elasticsearches"] verbs: ["get", "list", "watch"] + - apiGroups: ["autoscaling.k8s.elastic.co"] + resources: ["elasticsearchautoscalers"] + verbs: ["get", "list", "watch"] - apiGroups: ["apm.k8s.elastic.co"] resources: ["apmservers"] verbs: ["get", "list", "watch"] @@ -44,6 +47,12 @@ rules: - apiGroups: ["maps.k8s.elastic.co"] resources: ["elasticmapsservers"] verbs: ["get", "list", "watch"] + - apiGroups: ["stackconfigpolicy.k8s.elastic.co"] + resources: ["stackconfigpolicies"] + verbs: ["get", "list", "watch"] + - apiGroups: ["logstash.k8s.elastic.co"] + resources: ["logstashes"] + verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -57,6 +66,9 @@ rules: - apiGroups: ["elasticsearch.k8s.elastic.co"] resources: ["elasticsearches"] verbs: ["create", "delete", "deletecollection", "patch", "update"] + - apiGroups: ["autoscaling.k8s.elastic.co"] + resources: ["elasticsearchautoscalers"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] - apiGroups: ["apm.k8s.elastic.co"] resources: ["apmservers"] verbs: ["create", "delete", "deletecollection", "patch", "update"] @@ -75,4 +87,10 @@ rules: - apiGroups: ["maps.k8s.elastic.co"] resources: ["elasticmapsservers"] verbs: ["create", "delete", "deletecollection", "patch", "update"] + - apiGroups: ["stackconfigpolicy.k8s.elastic.co"] + resources: ["stackconfigpolicies"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] + - apiGroups: ["logstash.k8s.elastic.co"] + resources: ["logstashes"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] {{- end -}} diff --git a/charts/kubezero-logging/charts/eck-operator/templates/configmap.yaml b/charts/kubezero-logging/charts/eck-operator/templates/configmap.yaml index a1e08e6..0476411 100644 --- a/charts/kubezero-logging/charts/eck-operator/templates/configmap.yaml +++ b/charts/kubezero-logging/charts/eck-operator/templates/configmap.yaml @@ -11,21 +11,33 @@ data: log-verbosity: {{ int .Values.config.logVerbosity }} metrics-port: {{ int .Values.config.metricsPort }} container-registry: {{ .Values.config.containerRegistry }} + {{- with .Values.config.containerSuffix }} + container-suffix: {{ . }} + {{- end }} + {{- with .Values.config.containerRepository }} + container-repository: {{ . }} + {{- end }} max-concurrent-reconciles: {{ int .Values.config.maxConcurrentReconciles }} + {{- with .Values.config.passwordHashCacheSize }} + password-hash-cache-size: {{ int . }} + {{- end }} ca-cert-validity: {{ .Values.config.caValidity }} ca-cert-rotate-before: {{ .Values.config.caRotateBefore }} cert-validity: {{ .Values.config.certificatesValidity }} cert-rotate-before: {{ .Values.config.certificatesRotateBefore }} - {{- if .Values.config.exposedNodeLabels }} - exposed-node-labels: [{{ join "," .Values.config.exposedNodeLabels }}] + {{- with .Values.config.exposedNodeLabels }} + exposed-node-labels: [{{ join "," . }}] {{- end }} set-default-security-context: {{ .Values.config.setDefaultSecurityContext }} kube-client-timeout: {{ .Values.config.kubeClientTimeout }} + {{- with .Values.config.kubeClientQPS }} + kube-client-qps: {{ int . }} + {{- end }} elasticsearch-client-timeout: {{ .Values.config.elasticsearchClientTimeout }} disable-telemetry: {{ .Values.telemetry.disabled }} distribution-channel: {{ .Values.telemetry.distributionChannel }} - {{- if .Values.telemetry.interval }} - telemetry-interval: {{ .Values.telemetry.interval }} + {{- with .Values.telemetry.interval }} + telemetry-interval: {{ . }} {{- end }} validate-storage-class: {{ .Values.config.validateStorageClass }} {{- if .Values.tracing.enabled }} @@ -41,8 +53,10 @@ data: manage-webhook-certs: false webhook-cert-dir: {{ .Values.webhook.certsDir }} {{- end }} + webhook-port: {{ .Values.webhook.port }} {{- end }} - {{- if .Values.managedNamespaces }} - namespaces: [{{ join "," .Values.managedNamespaces }}] + {{- with .Values.managedNamespaces }} + namespaces: [{{ join "," . }}] {{- end }} enable-leader-election: {{ .Values.config.enableLeaderElection }} + elasticsearch-observation-interval: {{ .Values.config.elasticsearchObservationInterval }} diff --git a/charts/kubezero-logging/charts/eck-operator/templates/operator-network-policy.yaml b/charts/kubezero-logging/charts/eck-operator/templates/operator-network-policy.yaml index 32d3f16..10aaa56 100644 --- a/charts/kubezero-logging/charts/eck-operator/templates/operator-network-policy.yaml +++ b/charts/kubezero-logging/charts/eck-operator/templates/operator-network-policy.yaml @@ -44,7 +44,7 @@ spec: ingress: {{- if .Values.webhook.enabled }} - ports: - - port: 9443 + - port: {{ .Values.webhook.port }} from: - ipBlock: cidr: "{{ $kubeAPIServerIP }}/32" diff --git a/charts/kubezero-logging/charts/eck-operator/templates/pdb.yaml b/charts/kubezero-logging/charts/eck-operator/templates/pdb.yaml new file mode 100644 index 0000000..f0dddde --- /dev/null +++ b/charts/kubezero-logging/charts/eck-operator/templates/pdb.yaml @@ -0,0 +1,19 @@ +{{- if .Values.podDisruptionBudget.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "eck-operator.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "eck-operator.labels" . | indent 4 }} +spec: + {{- with .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ . }} + {{- end }} + {{- with .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ . }} + {{- end }} + selector: + matchLabels: + {{- include "eck-operator.selectorLabels" . | indent 6 }} +{{- end -}} diff --git a/charts/kubezero-logging/charts/eck-operator/templates/podMonitor.yaml b/charts/kubezero-logging/charts/eck-operator/templates/podMonitor.yaml index 54a5966..c269cb7 100644 --- a/charts/kubezero-logging/charts/eck-operator/templates/podMonitor.yaml +++ b/charts/kubezero-logging/charts/eck-operator/templates/podMonitor.yaml @@ -6,8 +6,8 @@ metadata: name: {{ include "eck-operator.fullname" . }} namespace: {{ ternary .Values.podMonitor.namespace .Release.Namespace (not (empty .Values.podMonitor.namespace)) }} labels: {{- include "eck-operator.labels" . | nindent 4 }} - {{- if .Values.podMonitor.labels }} - {{- toYaml .Values.podMonitor.labels | nindent 4 }} + {{- with .Values.podMonitor.labels }} + {{- toYaml . | nindent 4 }} {{- end }} {{- with .Values.podMonitor.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -19,14 +19,14 @@ spec: podMetricsEndpoints: - port: metrics path: /metrics - {{- if .Values.podMonitor.interval }} - interval: {{ .Values.podMonitor.interval }} + {{- with .Values.podMonitor.interval }} + interval: {{ . }} {{- end }} - {{- if .Values.podMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.podMonitor.scrapeTimeout }} + {{- with .Values.podMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} {{- end }} - {{- if .Values.podMonitor.podMetricsEndpointConfig }} - {{- toYaml .Values.podMonitor.podMetricsEndpointConfig | nindent 6 }} + {{- with .Values.podMonitor.podMetricsEndpointConfig }} + {{- toYaml . | nindent 6 }} {{- end }} namespaceSelector: matchNames: diff --git a/charts/kubezero-logging/charts/eck-operator/templates/statefulset.yaml b/charts/kubezero-logging/charts/eck-operator/templates/statefulset.yaml index 5c1fd03..d038011 100644 --- a/charts/kubezero-logging/charts/eck-operator/templates/statefulset.yaml +++ b/charts/kubezero-logging/charts/eck-operator/templates/statefulset.yaml @@ -31,8 +31,8 @@ spec: spec: terminationGracePeriodSeconds: 10 serviceAccountName: {{ include "eck-operator.serviceAccountName" . }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} {{- end }} {{- with .Values.podSecurityContext }} securityContext: @@ -87,7 +87,7 @@ spec: protocol: TCP {{- end }} {{- if .Values.webhook.enabled }} - - containerPort: 9443 + - containerPort: {{ .Values.webhook.port }} name: https-webhook protocol: TCP {{- end }} @@ -117,6 +117,10 @@ spec: {{- with .Values.volumes }} {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.hostNetwork }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 12 }} diff --git a/charts/kubezero-logging/charts/eck-operator/templates/webhook.yaml b/charts/kubezero-logging/charts/eck-operator/templates/webhook.yaml index 9da3b65..8f41e7d 100644 --- a/charts/kubezero-logging/charts/eck-operator/templates/webhook.yaml +++ b/charts/kubezero-logging/charts/eck-operator/templates/webhook.yaml @@ -6,13 +6,15 @@ metadata: name: {{ include "eck-operator.webhookName" . }} labels: {{- include "eck-operator.labels" . | nindent 4 }} -{{- if .Values.webhook.certManagerCert }} +{{- with .Values.webhook.certManagerCert }} annotations: - cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ .Values.webhook.certManagerCert }}" + cert-manager.io/inject-ca-from: "{{ $.Release.Namespace }}/{{ . }}" {{- end }} webhooks: - clientConfig: + {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }} caBundle: {{ .Values.webhook.caBundle }} + {{- end }} service: name: {{ include "eck-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} @@ -28,7 +30,7 @@ webhooks: {{- end }} name: elastic-agent-validation-v1alpha1.k8s.elastic.co matchPolicy: Exact - admissionReviewVersions: [v1beta1] + admissionReviewVersions: [v1,v1beta1] sideEffects: None rules: - apiGroups: @@ -41,7 +43,9 @@ webhooks: resources: - agents - clientConfig: + {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }} caBundle: {{ .Values.webhook.caBundle }} + {{- end }} service: name: {{ include "eck-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} @@ -57,7 +61,7 @@ webhooks: {{- end }} name: elastic-apm-validation-v1.k8s.elastic.co matchPolicy: Exact - admissionReviewVersions: [v1beta1] + admissionReviewVersions: [v1,v1beta1] sideEffects: None rules: - apiGroups: @@ -70,7 +74,9 @@ webhooks: resources: - apmservers - clientConfig: + {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }} caBundle: {{ .Values.webhook.caBundle }} + {{- end }} service: name: {{ include "eck-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} @@ -86,7 +92,7 @@ webhooks: {{- end }} name: elastic-apm-validation-v1beta1.k8s.elastic.co matchPolicy: Exact - admissionReviewVersions: [v1beta1] + admissionReviewVersions: [v1,v1beta1] sideEffects: None rules: - apiGroups: @@ -99,7 +105,9 @@ webhooks: resources: - apmservers - clientConfig: + {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }} caBundle: {{ .Values.webhook.caBundle }} + {{- end }} service: name: {{ include "eck-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} @@ -115,7 +123,7 @@ webhooks: {{- end }} name: elastic-beat-validation-v1beta1.k8s.elastic.co matchPolicy: Exact - admissionReviewVersions: [v1beta1] + admissionReviewVersions: [v1,v1beta1] sideEffects: None rules: - apiGroups: @@ -128,7 +136,9 @@ webhooks: resources: - beats - clientConfig: + {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }} caBundle: {{ .Values.webhook.caBundle }} + {{- end }} service: name: {{ include "eck-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} @@ -144,7 +154,7 @@ webhooks: {{- end }} name: elastic-ent-validation-v1.k8s.elastic.co matchPolicy: Exact - admissionReviewVersions: [v1beta1] + admissionReviewVersions: [v1,v1beta1] sideEffects: None rules: - apiGroups: @@ -157,7 +167,9 @@ webhooks: resources: - enterprisesearches - clientConfig: + {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }} caBundle: {{ .Values.webhook.caBundle }} + {{- end }} service: name: {{ include "eck-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} @@ -173,7 +185,7 @@ webhooks: {{- end }} name: elastic-ent-validation-v1beta1.k8s.elastic.co matchPolicy: Exact - admissionReviewVersions: [v1beta1] + admissionReviewVersions: [v1,v1beta1] sideEffects: None rules: - apiGroups: @@ -186,7 +198,9 @@ webhooks: resources: - enterprisesearches - clientConfig: + {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }} caBundle: {{ .Values.webhook.caBundle }} + {{- end }} service: name: {{ include "eck-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} @@ -202,7 +216,7 @@ webhooks: {{- end }} name: elastic-es-validation-v1.k8s.elastic.co matchPolicy: Exact - admissionReviewVersions: [v1beta1] + admissionReviewVersions: [v1,v1beta1] sideEffects: None rules: - apiGroups: @@ -215,7 +229,9 @@ webhooks: resources: - elasticsearches - clientConfig: + {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }} caBundle: {{ .Values.webhook.caBundle }} + {{- end }} service: name: {{ include "eck-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} @@ -231,7 +247,7 @@ webhooks: {{- end }} name: elastic-es-validation-v1beta1.k8s.elastic.co matchPolicy: Exact - admissionReviewVersions: [v1beta1] + admissionReviewVersions: [v1,v1beta1] sideEffects: None rules: - apiGroups: @@ -244,7 +260,40 @@ webhooks: resources: - elasticsearches - clientConfig: + {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }} caBundle: {{ .Values.webhook.caBundle }} + {{- end }} + service: + name: {{ include "eck-operator.webhookServiceName" . }} + namespace: {{ .Release.Namespace }} + path: /validate-ems-k8s-elastic-co-v1alpha1-mapsservers + failurePolicy: {{ .Values.webhook.failurePolicy }} +{{- with .Values.webhook.namespaceSelector }} + namespaceSelector: + {{- toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.webhook.objectSelector }} + objectSelector: + {{- toYaml . | nindent 4 }} +{{- end }} + name: elastic-ems-validation-v1alpha1.k8s.elastic.co + matchPolicy: Exact + admissionReviewVersions: [v1,v1beta1] + sideEffects: None + rules: + - apiGroups: + - maps.k8s.elastic.co + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - mapsservers +- clientConfig: + {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }} + caBundle: {{ .Values.webhook.caBundle }} + {{- end }} service: name: {{ include "eck-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} @@ -260,7 +309,7 @@ webhooks: {{- end }} name: elastic-kb-validation-v1.k8s.elastic.co matchPolicy: Exact - admissionReviewVersions: [v1beta1] + admissionReviewVersions: [v1,v1beta1] sideEffects: None rules: - apiGroups: @@ -273,7 +322,9 @@ webhooks: resources: - kibanas - clientConfig: + {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }} caBundle: {{ .Values.webhook.caBundle }} + {{- end }} service: name: {{ include "eck-operator.webhookServiceName" . }} namespace: {{ .Release.Namespace }} @@ -289,7 +340,7 @@ webhooks: {{- end }} name: elastic-kb-validation-v1beta1.k8s.elastic.co matchPolicy: Exact - admissionReviewVersions: [v1beta1] + admissionReviewVersions: [v1,v1beta1] sideEffects: None rules: - apiGroups: @@ -301,6 +352,99 @@ webhooks: - UPDATE resources: - kibanas +- clientConfig: + {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }} + caBundle: {{ .Values.webhook.caBundle }} + {{- end }} + service: + name: {{ include "eck-operator.webhookServiceName" . }} + namespace: {{ .Release.Namespace }} + path: /validate-autoscaling-k8s-elastic-co-v1alpha1-elasticsearchautoscaler + failurePolicy: {{ .Values.webhook.failurePolicy }} +{{- with .Values.webhook.namespaceSelector }} + namespaceSelector: + {{- toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.webhook.objectSelector }} + objectSelector: + {{- toYaml . | nindent 4 }} +{{- end }} + name: elastic-esa-validation-v1alpha1.k8s.elastic.co + matchPolicy: Exact + admissionReviewVersions: [v1,v1beta1] + sideEffects: None + rules: + - apiGroups: + - autoscaling.k8s.elastic.co + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - elasticsearchautoscalers +- clientConfig: + {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }} + caBundle: {{ .Values.webhook.caBundle }} + {{- end }} + service: + name: {{ include "eck-operator.webhookServiceName" . }} + namespace: {{ .Release.Namespace }} + path: /validate-scp-k8s-elastic-co-v1alpha1-stackconfigpolicies + failurePolicy: {{ .Values.webhook.failurePolicy }} +{{- with .Values.webhook.namespaceSelector }} + namespaceSelector: + {{- toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.webhook.objectSelector }} + objectSelector: + {{- toYaml . | nindent 4 }} +{{- end }} + name: elastic-scp-validation-v1alpha1.k8s.elastic.co + matchPolicy: Exact + admissionReviewVersions: [v1,v1beta1] + sideEffects: None + rules: + - apiGroups: + - stackconfigpolicy.k8s.elastic.co + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - stackconfigpolicies +- clientConfig: + {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }} + caBundle: {{ .Values.webhook.caBundle }} + {{- end }} + service: + name: {{ include "eck-operator.webhookServiceName" . }} + namespace: {{ .Release.Namespace }} + path: /validate-logstash-k8s-elastic-co-v1alpha1-logstash + failurePolicy: {{ .Values.webhook.failurePolicy }} +{{- with .Values.webhook.namespaceSelector }} + namespaceSelector: + {{- toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.webhook.objectSelector }} + objectSelector: + {{- toYaml . | nindent 4 }} +{{- end }} + name: elastic-logstash-validation-v1alpha1.k8s.elastic.co + matchPolicy: Exact + admissionReviewVersions: [v1,v1beta1] + sideEffects: None + rules: + - apiGroups: + - logstash.k8s.elastic.co + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - logstashes --- apiVersion: v1 kind: Service @@ -313,7 +457,7 @@ spec: ports: - name: https port: 443 - targetPort: 9443 + targetPort: {{ .Values.webhook.port }} selector: {{- include "eck-operator.selectorLabels" . | nindent 4 }} {{- if .Values.webhook.manageCerts }} diff --git a/charts/kubezero-logging/charts/eck-operator/values.yaml b/charts/kubezero-logging/charts/eck-operator/values.yaml index efc9ac1..180870b 100644 --- a/charts/kubezero-logging/charts/eck-operator/values.yaml +++ b/charts/kubezero-logging/charts/eck-operator/values.yaml @@ -51,7 +51,13 @@ podSecurityContext: runAsNonRoot: true # securityContext defines the security context of the operator container. -securityContext: {} +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true # nodeSelector defines the node selector for the operator pod. nodeSelector: {} @@ -62,6 +68,13 @@ tolerations: [] # affinity defines the node affinity rules for the operator pod. affinity: {} +# podDisruptionBudget configures the minimum or the maxium available pods for voluntary disruptions, +# set to either an integer (e.g. 1) or a percentage value (e.g. 25%). +podDisruptionBudget: + enabled: false + minAvailable: 1 + # maxUnavailable: 3 + # additional environment variables for the operator container. env: [] @@ -113,6 +126,13 @@ webhook: # objectSelector corresponds to the objectSelector property of the webhook. # Setting this restricts the webhook to act only on objects that match the selector. objectSelector: {} + # port is the port that the validating webhook binds to. + port: 9443 + +# hostNetwork allows a Pod to use the Node network namespace. +# This is required to allow for communication with the kube API when using some alternate CNIs in conjunction with webhook enabled. +# CAUTION: Proceed at your own risk. This setting has security concerns such as allowing malicious users to access workloads running on the host. +hostNetwork: false softMultiTenancy: # enabled determines whether the operator is installed with soft multi-tenancy extensions. @@ -143,6 +163,12 @@ config: # containerRegistry to use for pulling Elasticsearch and other application container images. containerRegistry: docker.elastic.co + # containerRepository to use for pulling Elasticsearch and other application container images. + # containerRepository: "" + + # containerSuffix suffix to be appended to container images by default. Cannot be combined with -ubiOnly flag + # containerSuffix: "" + # maxConcurrentReconciles is the number of concurrent reconciliation operations to perform per controller. maxConcurrentReconciles: "3" @@ -182,6 +208,9 @@ config: # enableLeaderElection specifies whether leader election should be enabled enableLeaderElection: true + # Interval between observations of Elasticsearch health, non-positive values disable asynchronous observation. + elasticsearchObservationInterval: 10s + # Prometheus PodMonitor configuration # Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmonitor podMonitor: @@ -222,5 +251,4 @@ global: # Usually we do want that to happen (e.g. all-in-one.yaml) but, sometimes we don't (e.g. E2E tests). createOperatorNamespace: true # kubeVersion is the effective Kubernetes version we target when generating the all-in-one.yaml. - kubeVersion: 1.16.0 - + kubeVersion: 1.21.0 diff --git a/charts/kubezero-logging/charts/fluent-bit/Chart.yaml b/charts/kubezero-logging/charts/fluent-bit/Chart.yaml index 187ca86..6c060a1 100644 --- a/charts/kubezero-logging/charts/fluent-bit/Chart.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/Chart.yaml @@ -1,9 +1,9 @@ annotations: artifacthub.io/changes: | - - kind: changed - description: "Updated Fluent Bit image to v2.0.9." + - kind: added + description: "Added events permission to ClusteRole" apiVersion: v1 -appVersion: 2.0.9 +appVersion: 2.1.8 description: Fast and lightweight log processor and forwarder or Linux, OSX and BSD family operating systems. home: https://fluentbit.io/ @@ -24,4 +24,4 @@ maintainers: name: fluent-bit sources: - https://github.com/fluent/fluent-bit/ -version: 0.24.0 +version: 0.37.1 diff --git a/charts/kubezero-logging/charts/fluent-bit/ci/ci-values.yaml b/charts/kubezero-logging/charts/fluent-bit/ci/ci-values.yaml index 8f3d5dd..d3e0979 100644 --- a/charts/kubezero-logging/charts/fluent-bit/ci/ci-values.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/ci/ci-values.yaml @@ -1 +1,4 @@ logLevel: debug + +dashboards: + enabled: true diff --git a/charts/kubezero-logging/charts/fluent-bit/dashboards/fluent-bit.json b/charts/kubezero-logging/charts/fluent-bit/dashboards/fluent-bit.json index 5dda4d6..87e3271 100644 --- a/charts/kubezero-logging/charts/fluent-bit/dashboards/fluent-bit.json +++ b/charts/kubezero-logging/charts/fluent-bit/dashboards/fluent-bit.json @@ -1,45 +1,12 @@ { - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "7.2.1" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "1.0.0" - }, - { - "type": "panel", - "id": "stat", - "name": "Stat", - "version": "" - } - ], "annotations": { "list": [ { "builtIn": 1, - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", @@ -48,17 +15,21 @@ } ] }, - "description": "Inspired by https://grafana.com/grafana/dashboards/7752", + "description": "Fluent Bit dashboard.", "editable": true, - "gnetId": 7752, + "fiscalYearStartMonth": 0, + "gnetId": null, "graphTooltip": 1, "id": null, - "iteration": 1612355253484, "links": [], + "liveNow": false, "panels": [ { "collapsed": false, - "datasource": null, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, "gridPos": { "h": 1, "w": 24, @@ -67,17 +38,27 @@ }, "id": 45, "panels": [], - "title": "Cluster Status", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "refId": "A" + } + ], + "title": "Status", "type": "row" }, { - "cacheTimeout": null, - "datasource": "$DS_PROMETHEUS", + "datasource": { + "type": "prometheus", + "uid": "$DS_PROMETHEUS" + }, + "description": "", "fieldConfig": { "defaults": { - "custom": {}, "mappings": [], - "nullValueMode": "connected", "thresholds": { "mode": "percentage", "steps": [ @@ -102,7 +83,6 @@ "y": 1 }, "id": 6, - "interval": null, "links": [], "maxDataPoints": 100, "options": { @@ -119,36 +99,53 @@ }, "textMode": "auto" }, - "pluginVersion": "7.2.1", + "pluginVersion": "9.5.3", "targets": [ { - "expr": "sum(kube_pod_info{pod=~\".*{{ include "fluent-bit.fullname" . }}.*\"})", + "datasource": { + "uid": "$DS_PROMETHEUS" + }, + "editorMode": "code", + "expr": "sum(kube_pod_info{job=\"kube-state-metrics\",namespace=\"$namespace\",created_by_kind=\"DaemonSet\",created_by_name=\"$release\"})", "format": "time_series", "interval": "", "intervalFactor": 1, - "legendFormat": "Active Fluent-bit", + "legendFormat": "Active Pods", + "range": true, "refId": "A" }, { - "expr": "sum(kube_node_status_condition{condition=\"Ready\",status=\"true\"})", + "datasource": { + "uid": "$DS_PROMETHEUS" + }, + "editorMode": "code", + "expr": "sum(kube_node_status_condition{job=\"kube-state-metrics\",condition=\"Ready\",status=\"true\"})", "interval": "", "legendFormat": "Ready Nodes", + "range": true, "refId": "B" }, { - "expr": "sum(kube_node_status_condition{condition!=\"Ready\",status=\"true\"})", + "datasource": { + "uid": "$DS_PROMETHEUS" + }, + "editorMode": "code", + "expr": "sum(kube_node_status_condition{job=\"kube-state-metrics\",condition!=\"Ready\",status=\"true\"})", "interval": "", "legendFormat": "Non-Ready Nodes", + "range": true, "refId": "C" } ], - "title": "", "transparent": true, "type": "stat" }, { "collapsed": false, - "datasource": null, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, "gridPos": { "h": 1, "w": 24, @@ -157,1080 +154,1309 @@ }, "id": 43, "panels": [], - "title": "FluentBit metrics", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "refId": "A" + } + ], + "title": "Fluent Bit Metrics", "type": "row" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", + "datasource": { + "type": "prometheus", + "uid": "$DS_PROMETHEUS" + }, "fieldConfig": { "defaults": { - "custom": {}, - "links": [] + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 50, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "Bps" }, "overrides": [] }, - "fill": 5, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 5 }, - "hiddenSeries": false, "id": 2, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, "links": [], - "nullPointMode": "null", "options": { - "alertThreshold": true + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } }, - "percentage": false, - "pluginVersion": "7.2.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "9.5.3", "targets": [ { - "expr": "sum(rate(fluentbit_input_bytes_total{pod=~\"$pod\"}[5m])) by (pod, instance, name)", + "datasource": { + "uid": "$DS_PROMETHEUS" + }, + "editorMode": "code", + "expr": "sum(rate(fluentbit_input_bytes_total{job=\"$release\",namespace=\"$namespace\"}[5m])) by (pod, name)", "format": "time_series", "hide": false, "interval": "", "intervalFactor": 1, - "legendFormat": "{{"{{"}} pod {{"}}"}}/{{"{{"}}name{{"}}"}}", + "legendFormat": "{{ `{{pod}}/{{name}}` }}", + "range": true, "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Input Bytes Processing Rate", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", + "datasource": { + "type": "prometheus", + "uid": "$DS_PROMETHEUS" + }, "fieldConfig": { "defaults": { - "custom": {}, - "links": [] + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 50, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "Bps" }, "overrides": [] }, - "fill": 5, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 5 }, - "hiddenSeries": false, "id": 9, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, "links": [], - "nullPointMode": "null", "options": { - "alertThreshold": true + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } }, - "percentage": false, - "pluginVersion": "7.2.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "9.5.3", "targets": [ { - "expr": "sum(rate(fluentbit_output_proc_bytes_total{pod=~\"$pod\"}[5m])) by (pod, instance, name)", + "datasource": { + "uid": "$DS_PROMETHEUS" + }, + "editorMode": "code", + "expr": "sum(rate(fluentbit_output_proc_bytes_total{job=\"$release\",namespace=\"$namespace\"}[5m])) by (pod, name)", "format": "time_series", "hide": false, "interval": "", "intervalFactor": 1, - "legendFormat": "{{"{{"}} pod {{"}}"}}/{{"{{"}}name{{"}}"}}", + "legendFormat": "{{ `{{pod}}/{{name}}` }}", + "range": true, "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Output Bytes Processing Rate", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", + "datasource": { + "type": "prometheus", + "uid": "$DS_PROMETHEUS" + }, "fieldConfig": { "defaults": { - "custom": {}, - "links": [] + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 50, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "rps" }, "overrides": [] }, - "fill": 5, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 11 }, - "hiddenSeries": false, "id": 40, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, "links": [], - "nullPointMode": "null", "options": { - "alertThreshold": true + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } }, - "percentage": false, - "pluginVersion": "7.2.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "9.5.3", "targets": [ { - "expr": "sum(rate(fluentbit_input_records_total{pod=~\"$pod\"}[5m])) by (pod, instance, name)", + "datasource": { + "uid": "$DS_PROMETHEUS" + }, + "editorMode": "code", + "expr": "sum(rate(fluentbit_input_records_total{job=\"$release\",namespace=\"$namespace\"}[5m])) by (pod, name)", "format": "time_series", "hide": false, "interval": "", "intervalFactor": 1, - "legendFormat": "{{"{{"}} pod {{"}}"}}/{{"{{"}}name{{"}}"}}", + "legendFormat": "{{ `{{pod}}/{{name}}` }}", + "range": true, "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Input Records Processing Rate", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "rps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", + "datasource": { + "type": "prometheus", + "uid": "$DS_PROMETHEUS" + }, "fieldConfig": { "defaults": { - "custom": {}, - "links": [] + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 50, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "rps" }, "overrides": [] }, - "fill": 5, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 11 }, - "hiddenSeries": false, "id": 41, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, "links": [], - "nullPointMode": "null", "options": { - "alertThreshold": true + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } }, - "percentage": false, - "pluginVersion": "7.2.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "9.5.3", "targets": [ { - "expr": "sum(rate(fluentbit_output_proc_records_total{pod=~\"$pod\"}[5m])) by (pod, instance, name)", + "datasource": { + "uid": "$DS_PROMETHEUS" + }, + "editorMode": "code", + "expr": "sum(rate(fluentbit_output_proc_records_total{job=\"$release\",namespace=\"$namespace\"}[5m])) by (pod, name)", "format": "time_series", "hide": false, "interval": "", "intervalFactor": 1, - "legendFormat": "{{"{{"}} pod {{"}}"}}/{{"{{"}}name{{"}}"}}", + "legendFormat": "{{ `{{pod}}/{{name}}` }}", + "range": true, "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Output Record Processing Rate", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "rps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", + "datasource": { + "type": "prometheus", + "uid": "$DS_PROMETHEUS" + }, "fieldConfig": { "defaults": { - "custom": {}, - "links": [] + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 17 }, - "hiddenSeries": false, "id": 11, - "legend": { - "alignAsTable": false, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, "links": [], - "nullPointMode": "null", "options": { - "alertThreshold": true + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } }, - "percentage": false, - "pluginVersion": "7.2.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "9.5.3", "targets": [ { - "expr": "sum(rate(fluentbit_output_retries_total{pod=~\"$pod\"}[1m])) by (pod, instance, name)", + "datasource": { + "uid": "$DS_PROMETHEUS" + }, + "editorMode": "code", + "expr": "sum(rate(fluentbit_output_retries_total{job=\"$release\",namespace=\"$namespace\"}[5m])) by (pod, name)", "format": "time_series", "hide": false, "interval": "", "intervalFactor": 1, - "legendFormat": "{{"{{"}}pod{{"}}"}} Retries to {{"{{"}}name{{"}}"}}", + "legendFormat": "{{ `{{pod}} Retries to {{name}}` }}", + "range": true, "refId": "A" }, { - "expr": "sum(rate(fluentbit_output_retries_failed_total{pod=~\"$pod\"}[1m])) by (pod, instance, name)", + "datasource": { + "uid": "$DS_PROMETHEUS" + }, + "editorMode": "code", + "expr": "sum(rate(fluentbit_output_retries_failed_total{job=\"$release\",namespace=\"$namespace\"}[5m])) by (pod, name)", "format": "time_series", "interval": "", "intervalFactor": 1, - "legendFormat": "{{"{{"}}pod{{"}}"}} Failed Retries to {{"{{"}} name {{"}}"}}", + "legendFormat": "{{ `{{pod}} Failed Retries to {{ name }}` }}", + "range": true, "refId": "B" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Output Retry/Failed Rates", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", + "datasource": { + "type": "prometheus", + "uid": "$DS_PROMETHEUS" + }, "fieldConfig": { "defaults": { - "custom": {}, - "links": [] + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "errors/sec" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 17 }, - "hiddenSeries": false, "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, "links": [], - "nullPointMode": "null", "options": { - "alertThreshold": true + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "percentage": false, - "pluginVersion": "7.2.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "9.5.3", "targets": [ { - "expr": "sum(rate(fluentbit_output_errors_total{pod=~\"$pod\"}[1m])) by (pod, instance, name)", + "datasource": { + "uid": "$DS_PROMETHEUS" + }, + "editorMode": "code", + "expr": "sum(rate(fluentbit_output_errors_total{job=\"$release\",namespace=\"$namespace\"}[5m])) by (pod, name)", "format": "time_series", "hide": false, "interval": "", "intervalFactor": 1, - "legendFormat": "{{"{{"}} pod {{"}}"}}/{{"{{"}} name {{"}}"}}", + "legendFormat": "{{ `{{pod}}/{{name}}` }}", + "range": true, "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Output Error Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "errors/sec", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", + "datasource": { + "type": "prometheus", + "uid": "$DS_PROMETHEUS" + }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "Bps" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 8, "w": 12, "x": 0, "y": 23 }, - "hiddenSeries": false, - "id": 47, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", + "id": 54, "options": { - "alertThreshold": true + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "percentage": false, - "pluginVersion": "7.2.1", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "9.5.3", "targets": [ { - "expr": "sum(rate(fluentbit_filter_drop_records_total{pod=~\"$pod\"}[5m])) by (pod, instance, name)", + "datasource": { + "uid": "$DS_PROMETHEUS" + }, + "editorMode": "code", + "expr": "sum(rate(fluentbit_filter_bytes_total{job=\"$release\",namespace=\"$namespace\"}[5m])) by (pod, name)", "interval": "", - "legendFormat": "{{"{{"}} pod {{"}}"}} / {{"{{"}} name {{"}}"}}", + "legendFormat": "{{ `{{pod}}/{{name}}` }}", + "range": true, "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Filter Drop", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "title": "Filter Bytes", + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", + "datasource": { + "type": "prometheus", + "uid": "$DS_PROMETHEUS" + }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "rps" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 23 }, - "hiddenSeries": false, - "id": 48, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", + "id": 55, "options": { - "alertThreshold": true + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "percentage": false, - "pluginVersion": "7.2.1", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "9.5.3", "targets": [ { - "expr": "sum(rate(fluentbit_filter_add_records_total{pod=~\"$pod\"}[5m])) by (pod, instance, name)", + "datasource": { + "uid": "$DS_PROMETHEUS" + }, + "editorMode": "code", + "expr": "sum(rate(fluentbit_filter_records_total{job=\"$release\",namespace=\"$namespace\"}[5m])) by (pod, name)", "interval": "", - "legendFormat": "{{"{{"}} pod {{"}}"}} / {{"{{"}} name {{"}}"}}", + "legendFormat": "{{ `{{pod}}/{{name}}` }}", + "range": true, "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Filter Add", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" + "title": "Filter Records", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$DS_PROMETHEUS" }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 31 + }, + "id": 48, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.5.3", + "targets": [ { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true + "datasource": { + "uid": "$DS_PROMETHEUS" + }, + "editorMode": "code", + "expr": "sum(rate(fluentbit_filter_add_records_total{job=\"$release\",namespace=\"$namespace\"}[5m])) by (pod, name)", + "interval": "", + "legendFormat": "{{ `{{pod}}/{{name}}` }}", + "range": true, + "refId": "A" } ], - "yaxis": { - "align": false, - "alignLevel": null - } + "title": "Filter Add Records", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$DS_PROMETHEUS" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 31 + }, + "id": 47, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.5.3", + "targets": [ + { + "datasource": { + "uid": "$DS_PROMETHEUS" + }, + "editorMode": "code", + "expr": "sum(rate(fluentbit_filter_drop_records_total{job=\"$release\",namespace=\"$namespace\"}[5m])) by (pod, name)", + "interval": "", + "legendFormat": "{{ `{{pod}}/{{name}}` }}", + "range": true, + "refId": "A" + } + ], + "title": "Filter Drop Records", + "type": "timeseries" }, { "collapsed": false, - "datasource": null, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, "gridPos": { "h": 1, "w": 24, "x": 0, - "y": 31 + "y": 39 }, "id": 53, "panels": [], - "title": "Kubernetes metrics", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "refId": "A" + } + ], + "title": "Kubernetes Metrics", "type": "row" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", + "datasource": { + "type": "prometheus", + "uid": "$DS_PROMETHEUS" + }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.* request/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2CC0C", + "mode": "fixed" + } + }, + { + "id": "custom.fillOpacity", + "value": 0 + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 8, "w": 12, "x": 0, - "y": 32 + "y": 40 }, - "hiddenSeries": false, "id": 51, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.1", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.* request/", - "color": "#F2CC0C", - "fill": 0 + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "9.5.3", "targets": [ { - "expr": "container_memory_working_set_bytes{pod=~\".*{{ include "fluent-bit.fullname" . }}.*\",pod=~\"$pod\", image!=\"\", container!=\"POD\"}\n", + "datasource": { + "uid": "$DS_PROMETHEUS" + }, + "editorMode": "code", + "expr": "sum(container_memory_working_set_bytes{job=\"kubelet\",namespace=\"$namespace\",pod=~\"$pod\",container=\"fluent-bit\"}) by (pod)", "interval": "", - "legendFormat": "{{"{{"}} pod {{"}}"}}", + "legendFormat": "{{ `{{pod}}` }}", + "range": true, "refId": "A" }, { - "expr": "avg(kube_pod_container_resource_requests_memory_bytes{pod=~\".*{{ include "fluent-bit.fullname" . }}.*\",pod=~\"$pod\"}) by (pod)", + "datasource": { + "uid": "$DS_PROMETHEUS" + }, + "editorMode": "code", + "expr": "avg(kube_pod_container_resource_requests{job=\"kube-state-metrics\",namespace=\"$namespace\",pod=~\"$pod\", container=\"fluent-bit\",resource=\"memory\"})", "interval": "", - "legendFormat": "{{"{{"}} pod {{"}}"}} request", + "legendFormat": "request", + "range": true, "refId": "B" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$DS_PROMETHEUS", + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.* request/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2CC0C", + "mode": "fixed" + } + }, + { + "id": "custom.fillOpacity", + "value": 0 + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 8, "w": 12, "x": 12, - "y": 32 + "y": 40 }, - "hiddenSeries": false, "id": 50, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.1", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.* request/", - "color": "#F2CC0C", - "fill": 0 + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "9.5.3", "targets": [ { - "expr": "rate(container_cpu_usage_seconds_total{pod=~\".*{{ include "fluent-bit.fullname" . }}.*\",pod=~\"$pod\",image!=\"\",container!=\"POD\"}[5m])", + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{namespace=\"$namespace\",pod=~\"$pod\",container=\"fluent-bit\"}) by (pod)", "interval": "", - "legendFormat": "{{"{{"}} pod {{"}}"}}", + "legendFormat": "{{ `{{ pod }}` }}", + "range": true, "refId": "A" }, { - "expr": "avg(kube_pod_container_resource_requests_cpu_cores{pod=~\"$pod\"}) by (pod)", + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "expr": "avg(kube_pod_container_resource_requests{job=\"kube-state-metrics\",namespace=\"$namespace\",pod=~\"$pod\",container=\"fluent-bit\",resource=\"cpu\"})", "interval": "", - "legendFormat": "{{"{{"}} pod {{"}}"}} request", + "legendFormat": "{{ `{{ pod }} request` }}", + "range": true, "refId": "B" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" } ], "refresh": "5s", - "schemaVersion": 26, + "schemaVersion": 38, "style": "dark", "tags": [], "templating": { "list": [ { "current": { - "selected": true, - "text": "prometheus", - "value": "prometheus" + "selected": false, + "text": "Prometheus", + "value": "Prometheus" }, "hide": 0, "includeAll": false, @@ -1246,31 +1472,64 @@ "type": "datasource" }, { - "allValue": null, - "current": {}, - "datasource": "$DS_PROMETHEUS", - "definition": "label_values(kube_pod_info{pod=~\".*{{ include "fluent-bit.fullname" . }}.*\"}, pod)", + "allValue": "$fullname-.*", + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "$DS_PROMETHEUS" + }, + "definition": "label_values(kube_pod_info{job=\"kube-state-metrics\",namespace=\"$namespace\",created_by_kind=\"DaemonSet\",created_by_name=\"$release\"},pod)", "hide": 0, "includeAll": true, "label": "pod", "multi": false, "name": "pod", "options": [], - "query": "label_values(kube_pod_info{pod=~\".*{{ include "fluent-bit.fullname" . }}.*\"}, pod)", + "query": { + "query": "label_values(kube_pod_info{job=\"kube-state-metrics\",namespace=\"$namespace\",created_by_kind=\"DaemonSet\",created_by_name=\"$release\"},pod)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 0, "tagValuesQuery": "", - "tags": [], "tagsQuery": "", "type": "query", "useTags": false + }, + { + "hide": 2, + "label": "Namespace", + "name": "namespace", + "query": "{{ .Release.Namespace }}", + "skipUrlSync": false, + "type": "constant" + }, + { + "hide": 2, + "label": "Release", + "name": "release", + "query": "{{ .Release.Name }}", + "skipUrlSync": false, + "type": "constant" + }, + { + "hide": 2, + "label": "Full Name", + "name": "fullname", + "query": "{{ include "fluent-bit.fullname" . }}", + "skipUrlSync": false, + "type": "constant" } ] }, "time": { - "from": "now-15m", + "from": "now-30m", "to": "now" }, "timepicker": { @@ -1300,6 +1559,7 @@ }, "timezone": "", "title": "{{ include "fluent-bit.fullname" . }}", - "uid": "{{ include "fluent-bit.fullname" . }}", - "version": 2 -} + "uid": "d557c8f6-cac1-445f-8ade-4c351a9076b1", + "version": 7, + "weekStart": "" +} \ No newline at end of file diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/_helpers.tpl b/charts/kubezero-logging/charts/fluent-bit/templates/_helpers.tpl index f73daf9..84a3056 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/_helpers.tpl +++ b/charts/kubezero-logging/charts/fluent-bit/templates/_helpers.tpl @@ -62,6 +62,15 @@ Create the name of the service account to use {{- end -}} {{- end -}} +{{/* +Fluent-bit image with tag/digest +*/}} +{{- define "fluent-bit.image" -}} +{{- $tag := ternary "" (printf ":%s" (toString .tag)) (or (empty .tag) (eq "-" (toString .tag))) -}} +{{- $digest := ternary "" (printf "@%s" .digest) (empty .digest) -}} +{{- printf "%s%s%s" .repository $tag $digest -}} +{{- end -}} + {{/* Ingress ApiVersion according k8s version */}} @@ -104,3 +113,26 @@ policy/v1 policy/v1beta1 {{- end }} {{- end -}} + +{{/* +HPA ApiVersion according k8s version +Check legacy first so helm template / kustomize will default to latest version +*/}} +{{- define "fluent-bit.hpa.apiVersion" -}} +{{- if and (.Capabilities.APIVersions.Has "autoscaling/v2beta2") (semverCompare "<1.23-0" .Capabilities.KubeVersion.GitVersion) -}} +autoscaling/v2beta2 +{{- else -}} +autoscaling/v2 +{{- end -}} +{{- end -}} + +{{/* +Create the name of OpenShift SecurityContextConstraints to use +*/}} +{{- define "fluent-bit.openShiftSccName" -}} +{{- if not .Values.openShift.securityContextConstraints.create -}} +{{- printf "%s" .Values.openShift.securityContextConstraints.existingName -}} +{{- else -}} +{{- printf "%s" (default (include "fluent-bit.fullname" .) .Values.openShift.securityContextConstraints.name) -}} +{{- end -}} +{{- end -}} diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/_pod.tpl b/charts/kubezero-logging/charts/fluent-bit/templates/_pod.tpl index 4e94439..7f74f4a 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/_pod.tpl +++ b/charts/kubezero-logging/charts/fluent-bit/templates/_pod.tpl @@ -38,7 +38,7 @@ containers: securityContext: {{- toYaml . | nindent 6 }} {{- end }} - image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}" + image: {{ include "fluent-bit.image" (merge .Values.image (dict "tag" (default .Chart.AppVersion .Values.image.tag))) | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if or .Values.env .Values.envWithTpl }} env: @@ -54,14 +54,17 @@ containers: envFrom: {{- toYaml .Values.envFrom | nindent 6 }} {{- end }} - {{- if .Values.args }} - args: - {{- toYaml .Values.args | nindent 6 }} - {{- end}} - {{- if .Values.command }} + {{- with .Values.command }} command: - {{- toYaml .Values.command | nindent 6 }} + {{- toYaml . | nindent 6 }} {{- end }} + {{- if or .Values.args .Values.hotReload.enabled }} + args: + {{- toYaml .Values.args | nindent 6 }} + {{- if .Values.hotReload.enabled }} + - --enable-hot-reload + {{- end }} + {{- end}} ports: - name: http containerPort: {{ .Values.metricsPort }} @@ -86,16 +89,11 @@ containers: {{- toYaml . | nindent 6 }} {{- end }} volumeMounts: - {{- toYaml .Values.volumeMounts | nindent 6 }} - {{- range $key, $val := .Values.config.extraFiles }} - name: config - mountPath: /fluent-bit/etc/{{ $key }} - subPath: {{ $key }} - {{- end }} - {{- range $key, $value := .Values.luaScripts }} + mountPath: /fluent-bit/etc/conf + {{- if or .Values.luaScripts .Values.hotReload.enabled }} - name: luascripts - mountPath: /fluent-bit/scripts/{{ $key }} - subPath: {{ $key }} + mountPath: /fluent-bit/scripts {{- end }} {{- if eq .Values.kind "DaemonSet" }} {{- toYaml .Values.daemonSetVolumeMounts | nindent 6 }} @@ -103,14 +101,31 @@ containers: {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 6 }} {{- end }} - {{- if .Values.extraContainers }} - {{- toYaml .Values.extraContainers | nindent 2 }} - {{- end }} +{{- if .Values.hotReload.enabled }} + - name: reloader + image: {{ include "fluent-bit.image" .Values.hotReload.image }} + args: + - {{ printf "-webhook-url=http://localhost:%s/api/v2/reload" (toString .Values.metricsPort) }} + - -volume-dir=/watch/config + - -volume-dir=/watch/scripts + volumeMounts: + - name: config + mountPath: /watch/config + - name: luascripts + mountPath: /watch/scripts + {{- with .Values.hotReload.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} +{{- end }} +{{- if .Values.extraContainers }} + {{- toYaml .Values.extraContainers | nindent 2 }} +{{- end }} volumes: - name: config configMap: - name: {{ if .Values.existingConfigMap }}{{ .Values.existingConfigMap }}{{- else }}{{ include "fluent-bit.fullname" . }}{{- end }} -{{- if gt (len .Values.luaScripts) 0 }} + name: {{ default (include "fluent-bit.fullname" .) .Values.existingConfigMap }} +{{- if or .Values.luaScripts .Values.hotReload.enabled }} - name: luascripts configMap: name: {{ include "fluent-bit.fullname" . }}-luascripts diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/clusterrole.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/clusterrole.yaml index 94ff4ae..d44db63 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/clusterrole.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/clusterrole.yaml @@ -15,6 +15,9 @@ rules: - nodes - nodes/proxy {{- end }} + {{- if .Values.rbac.eventsAccess }} + - events + {{- end }} verbs: - get - list @@ -29,13 +32,13 @@ rules: verbs: - use {{- end }} - {{- if and .Values.openShift.enabled .Values.openShift.securityContextConstraints.create }} + {{- if .Values.openShift.enabled }} - apiGroups: - security.openshift.io resources: - securitycontextconstraints resourceNames: - - {{ include "fluent-bit.fullname" . }} + - {{ include "fluent-bit.openShiftSccName" . }} verbs: - use {{- end }} diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/configmap-dashboards.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/configmap-dashboards.yaml index 7ab35cc..8047d51 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/configmap-dashboards.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/configmap-dashboards.yaml @@ -5,18 +5,16 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "fluent-bit.fullname" $ }}-dashboard-{{ trimSuffix ".json" (base $path) }} - {{- with $.Values.dashboards.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default $.Release.Namespace $.Values.dashboards.namespace }} {{- with $.Values.dashboards.annotations }} annotations: {{- toYaml . | nindent 4 -}} {{- end }} labels: {{- include "fluent-bit.labels" $ | nindent 4 }} - {{ $.Values.dashboards.labelKey }}: "1" + {{ $.Values.dashboards.labelKey }}: {{ $.Values.dashboards.labelValue | quote }} data: - {{ base $path }}: | + {{ include "fluent-bit.fullname" $ }}-{{ base $path }}: | {{- tpl ($.Files.Get $path) $ | nindent 4 }} --- {{- end }} diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/configmap-luascripts.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/configmap-luascripts.yaml index 0350b4f..c9d152c 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/configmap-luascripts.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/configmap-luascripts.yaml @@ -1,8 +1,9 @@ -{{- if gt (len .Values.luaScripts) 0 -}} +{{- if or .Values.luaScripts .Values.hotReload.enabled -}} apiVersion: v1 kind: ConfigMap metadata: name: {{ include "fluent-bit.fullname" . }}-luascripts + namespace: {{ .Release.Namespace }} labels: {{- include "fluent-bit.labels" . | nindent 4 }} data: diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/configmap.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/configmap.yaml index 5174d5d..37821d3 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/configmap.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/configmap.yaml @@ -1,8 +1,9 @@ -{{- if (empty .Values.existingConfigMap) -}} +{{- if not .Values.existingConfigMap -}} apiVersion: v1 kind: ConfigMap metadata: name: {{ include "fluent-bit.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "fluent-bit.labels" . | nindent 4 }} data: diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/daemonset.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/daemonset.yaml index 7afa004..1257095 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/daemonset.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/daemonset.yaml @@ -3,6 +3,7 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: {{ include "fluent-bit.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "fluent-bit.labels" . | nindent 4 }} {{- with .Values.labels }} @@ -25,17 +26,23 @@ spec: {{- end }} template: metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - checksum/luascripts: {{ include (print $.Template.BasePath "/configmap-luascripts.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} labels: {{- include "fluent-bit.selectorLabels" . | nindent 8 }} {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} + {{- if or (not .Values.hotReload.enabled) .Values.podAnnotations }} + annotations: + {{- if not .Values.hotReload.enabled }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- if .Values.luaScripts }} + checksum/luascripts: {{ include (print $.Template.BasePath "/configmap-luascripts.yaml") . | sha256sum }} + {{- end }} + {{- end }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} spec: {{- include "fluent-bit.pod" . | nindent 6 }} {{- end }} diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/deployment.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/deployment.yaml index f42ac03..7ba61b5 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/deployment.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/deployment.yaml @@ -3,6 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "fluent-bit.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "fluent-bit.labels" . | nindent 4 }} {{- with .Values.labels }} @@ -28,17 +29,23 @@ spec: {{- end }} template: metadata: + labels: + {{- include "fluent-bit.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if or (not .Values.hotReload.enabled) .Values.podAnnotations }} annotations: + {{- if not .Values.hotReload.enabled }} checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- if .Values.luaScripts }} checksum/luascripts: {{ include (print $.Template.BasePath "/configmap-luascripts.yaml") . | sha256sum }} + {{- end }} + {{- end }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - labels: - {{- include "fluent-bit.selectorLabels" . | nindent 8 }} - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} spec: {{- include "fluent-bit.pod" . | nindent 6 }} {{- end }} diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/hpa.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/hpa.yaml index aceae6b..243459f 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/hpa.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/hpa.yaml @@ -1,8 +1,9 @@ {{- if and ( eq .Values.kind "Deployment" ) .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta2 +apiVersion: {{ include "fluent-bit.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "fluent-bit.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "fluent-bit.labels" . | nindent 4 }} spec: diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/ingress.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/ingress.yaml index a8acc13..6c01be5 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/ingress.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/ingress.yaml @@ -9,6 +9,7 @@ apiVersion: {{ include "fluent-bit.ingress.apiVersion" . }} kind: Ingress metadata: name: {{ $fullName }} + namespace: {{ .Release.Namespace }} labels: {{- include "fluent-bit.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/networkpolicy.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/networkpolicy.yaml index 92c0bf3..aee927c 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/networkpolicy.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/networkpolicy.yaml @@ -3,6 +3,7 @@ apiVersion: "networking.k8s.io/v1" kind: "NetworkPolicy" metadata: name: {{ include "fluent-bit.fullname" . | quote }} + namespace: {{ .Release.Namespace }} labels: {{- include "fluent-bit.labels" . | nindent 4 }} spec: diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/pdb.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/pdb.yaml index be1acbb..d073f67 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/pdb.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/pdb.yaml @@ -3,6 +3,7 @@ apiVersion: {{ include "fluent-bit.pdb.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ include "fluent-bit.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "fluent-bit.labels" . | nindent 4 }} {{- with .Values.podDisruptionBudget.annotations }} diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/prometheusrule.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/prometheusrule.yaml index d8dd951..26e92e5 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/prometheusrule.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/prometheusrule.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: name: {{ include "fluent-bit.fullname" . }} - {{- with .Values.prometheusRule.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default $.Release.Namespace .Values.prometheusRule.namespace }} labels: {{- include "fluent-bit.labels" . | nindent 4 }} {{- if .Values.prometheusRule.additionalLabels }} diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/scc.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/scc.yaml index 300a8ed..5c59910 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/scc.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/scc.yaml @@ -2,11 +2,13 @@ apiVersion: security.openshift.io/v1 kind: SecurityContextConstraints metadata: - name: {{ include "fluent-bit.fullname" . }} -{{- if .Values.openShift.securityContextConstraints.annotations }} + name: {{ include "fluent-bit.openShiftSccName" . }} + labels: + {{- include "fluent-bit.labels" . | nindent 4 }} + {{- with .Values.openShift.securityContextConstraints.annotations }} annotations: - {{- toYaml .Values.openShift.securityContextConstraints.annotations | nindent 4 }} -{{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} allowPrivilegedContainer: true allowPrivilegeEscalation: true allowHostDirVolumePlugin: true @@ -18,10 +20,10 @@ allowHostPorts: false allowHostPID: false allowedCapabilities: [] forbiddenSysctls: -- "*" + - "*" readOnlyRootFilesystem: false requiredDropCapabilities: -- MKNOD + - MKNOD runAsUser: type: RunAsAny seLinuxContext: @@ -30,8 +32,10 @@ supplementalGroups: type: RunAsAny volumes: - configMap + - downwardAPI - emptyDir - hostPath - persistentVolumeClaim + - projected - secret {{- end }} diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/service.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/service.yaml index 4b8b9c6..6ee9cda 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/service.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/service.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "fluent-bit.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "fluent-bit.labels" . | nindent 4 }} {{- with .Values.service.labels }} diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/serviceaccount.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/serviceaccount.yaml index 1be6e74..57c4eb9 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/serviceaccount.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/serviceaccount.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "fluent-bit.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "fluent-bit.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/servicemonitor.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/servicemonitor.yaml index b75315a..2b79cdb 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/servicemonitor.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/servicemonitor.yaml @@ -3,18 +3,14 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "fluent-bit.fullname" . }} - {{- with .Values.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.serviceMonitor.namespace }} labels: {{- include "fluent-bit.labels" . | nindent 4 }} {{- with .Values.serviceMonitor.selector }} {{- toYaml . | nindent 4 }} {{- end }} spec: - {{- if .Values.serviceMonitor.jobLabel }} - jobLabel: {{ .Values.serviceMonitor.jobLabel }} - {{- end }} + jobLabel: app.kubernetes.io/instance endpoints: - port: http path: /api/v1/metrics/prometheus diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/tests/test-connection.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/tests/test-connection.yaml index 659f970..9f24683 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/tests/test-connection.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/tests/test-connection.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Pod metadata: name: "{{ include "fluent-bit.fullname" . }}-test-connection" + namespace: {{ default .Release.Namespace .Values.testFramework.namespace }} labels: {{- include "fluent-bit.labels" . | nindent 4 }} annotations: @@ -10,7 +11,7 @@ metadata: spec: containers: - name: wget - image: "{{ .Values.testFramework.image.repository }}:{{ .Values.testFramework.image.tag }}" + image: {{ include "fluent-bit.image" .Values.testFramework.image | quote }} imagePullPolicy: {{ .Values.testFramework.image.pullPolicy }} command: ['wget'] args: ['{{ include "fluent-bit.fullname" . }}:{{ .Values.service.port }}'] diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/vpa.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/vpa.yaml index 7a5f20f..58dfaa0 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/vpa.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/vpa.yaml @@ -3,6 +3,7 @@ apiVersion: autoscaling.k8s.io/v1 kind: VerticalPodAutoscaler metadata: name: {{ include "fluent-bit.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "fluent-bit.labels" . | nindent 4 }} {{- with .Values.autoscaling.vpa.annotations }} diff --git a/charts/kubezero-logging/charts/fluent-bit/values.yaml b/charts/kubezero-logging/charts/fluent-bit/values.yaml index 0655bab..2b5167c 100644 --- a/charts/kubezero-logging/charts/fluent-bit/values.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/values.yaml @@ -9,15 +9,19 @@ replicaCount: 1 image: repository: cr.fluentbit.io/fluent/fluent-bit # Overrides the image tag whose default is {{ .Chart.AppVersion }} - tag: "" + # Set to "-" to not use the default value + tag: + digest: pullPolicy: Always testFramework: enabled: true + namespace: image: repository: busybox pullPolicy: Always tag: latest + digest: imagePullSecrets: [] nameOverride: "" @@ -31,6 +35,7 @@ serviceAccount: rbac: create: true nodeAccess: false + eventsAccess: false # Configure podsecuritypolicy # Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ @@ -41,13 +46,16 @@ podSecurityPolicy: create: false annotations: {} +# OpenShift-specific configuration openShift: - # Sets Openshift support enabled: false - # Creates SCC for Fluent-bit when Openshift support is enabled securityContextConstraints: + # Create SCC for Fluent-bit and allow use it create: true + name: "" annotations: {} + # Use existing SCC in cluster, rather then create new one + existingName: "" podSecurityContext: {} # fsGroup: 2000 @@ -95,31 +103,30 @@ service: serviceMonitor: enabled: false -# namespace: monitoring -# interval: 10s -# scrapeTimeout: 10s -# jobLabel: fluentbit -# selector: -# prometheus: my-prometheus -# ## metric relabel configs to apply to samples before ingestion. -# ## -# metricRelabelings: -# - sourceLabels: [__meta_kubernetes_service_label_cluster] -# targetLabel: cluster -# regex: (.*) -# replacement: ${1} -# action: replace -# ## relabel configs to apply to samples after ingestion. -# ## -# relabelings: -# - sourceLabels: [__meta_kubernetes_pod_node_name] -# separator: ; -# regex: ^(.*)$ -# targetLabel: nodename -# replacement: $1 -# action: replace -# scheme: "" -# tlsConfig: {} + # namespace: monitoring + # interval: 10s + # scrapeTimeout: 10s + # selector: + # prometheus: my-prometheus + # ## metric relabel configs to apply to samples before ingestion. + # ## + # metricRelabelings: + # - sourceLabels: [__meta_kubernetes_service_label_cluster] + # targetLabel: cluster + # regex: (.*) + # replacement: ${1} + # action: replace + # ## relabel configs to apply to samples after ingestion. + # ## + # relabelings: + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + # scheme: "" + # tlsConfig: {} ## Beare in mind if youn want to collec metrics from a different port ## you will need to configure the new ports on the extraPorts property. @@ -167,13 +174,14 @@ prometheusRule: dashboards: enabled: false labelKey: grafana_dashboard + labelValue: 1 annotations: {} namespace: "" lifecycle: {} - # preStop: - # exec: - # command: ["/bin/sh", "-c", "sleep 20"] +# preStop: +# exec: +# command: ["/bin/sh", "-c", "sleep 20"] livenessProbe: httpGet: @@ -196,15 +204,15 @@ resources: {} ## only available if kind is Deployment ingress: enabled: false - className: "" + ingressClassName: "" annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" hosts: [] # - host: fluent-bit.example.tld extraHosts: [] # - host: fluent-bit-extra.example.tld - ## specify extraPort number + ## specify extraPort number # port: 5170 tls: [] # - secretName: fluent-bit-example-tld @@ -239,17 +247,17 @@ autoscaling: minReplicas: 1 maxReplicas: 3 targetCPUUtilizationPercentage: 75 -# targetMemoryUtilizationPercentage: 75 - ## see https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics + # targetMemoryUtilizationPercentage: 75 + ## see https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics customRules: [] -# - type: Pods -# pods: -# metric: -# name: packets-per-second -# target: -# type: AverageValue -# averageValue: 1k - ## see https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-configurable-scaling-behavior + # - type: Pods + # pods: + # metric: + # name: packets-per-second + # target: + # type: AverageValue + # averageValue: 1k + ## see https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-configurable-scaling-behavior behavior: {} # scaleDown: # policies: @@ -347,8 +355,8 @@ config: Daemon Off Flush {{ .Values.flush }} Log_Level {{ .Values.logLevel }} - Parsers_File parsers.conf - Parsers_File custom_parsers.conf + Parsers_File /fluent-bit/etc/parsers.conf + Parsers_File /fluent-bit/etc/conf/custom_parsers.conf HTTP_Server On HTTP_Listen 0.0.0.0 HTTP_Port {{ .Values.metricsPort }} @@ -410,7 +418,7 @@ config: Time_Key time Time_Format %Y-%m-%dT%H:%M:%S.%L - # This allows adding more files with arbitary filenames to /fluent-bit/etc by providing key/value pairs. + # This allows adding more files with arbitary filenames to /fluent-bit/etc/conf by providing key/value pairs. # The key becomes the filename, the value becomes the file content. extraFiles: {} # upstream.conf: | @@ -430,11 +438,7 @@ config: # The config volume is mounted by default, either to the existingConfigMap value, or the default of "fluent-bit.fullname" volumeMounts: - name: config - mountPath: /fluent-bit/etc/fluent-bit.conf - subPath: fluent-bit.conf - - name: config - mountPath: /fluent-bit/etc/custom_parsers.conf - subPath: custom_parsers.conf + mountPath: /fluent-bit/etc/conf daemonSetVolumes: - name: varlog @@ -458,9 +462,12 @@ daemonSetVolumeMounts: mountPath: /etc/machine-id readOnly: true -args: [] +command: + - /fluent-bit/bin/fluent-bit -command: [] +args: + - --workdir=/fluent-bit/etc + - --config=/fluent-bit/etc/conf/fluent-bit.conf # This supports either a structured array or a templatable string initContainers: [] @@ -478,3 +485,12 @@ initContainers: [] # command: ['kubectl', 'version'] logLevel: info + +hotReload: + enabled: false + image: + repository: ghcr.io/jimmidyson/configmap-reload + tag: v0.11.1 + digest: + pullPolicy: IfNotPresent + resources: {} diff --git a/charts/kubezero-logging/charts/fluentd/Chart.yaml b/charts/kubezero-logging/charts/fluentd/Chart.yaml index cad0e09..b0f99ac 100644 --- a/charts/kubezero-logging/charts/fluentd/Chart.yaml +++ b/charts/kubezero-logging/charts/fluentd/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v1.14.6 +appVersion: v1.15.2 description: A Helm chart for Kubernetes home: https://www.fluentd.org/ icon: https://www.fluentd.org/images/miscellany/fluentd-logo_2x.png @@ -12,4 +12,4 @@ name: fluentd sources: - https://github.com/fluent/fluentd/ - https://github.com/fluent/fluentd-kubernetes-daemonset -version: 0.3.9 +version: 0.4.3 diff --git a/charts/kubezero-logging/charts/fluentd/README.md b/charts/kubezero-logging/charts/fluentd/README.md index 2156a9b..ab103a3 100644 --- a/charts/kubezero-logging/charts/fluentd/README.md +++ b/charts/kubezero-logging/charts/fluentd/README.md @@ -16,6 +16,17 @@ To install a release named `fluentd`, run: ```sh helm install fluentd fluent/fluentd ``` +## Upgrading + +### To 0.4.0 + +Although the services will deploy and generally work, version 0.4.0 introduces some changes that are considered _breaking changes_. To upgrade, you should do the following to avoid any potential conflicts or problems: + +- Add the `mountVarLogDirectory` and `mountDockerContainersDirectory` values and set them to the values you need; to follow the previous setup where these were mounted by default, set the values to `true`, e.g. `mountVarLogDirectory: true` +- If you have the `varlog` mount point defined and enabled under both `volumes` and `volumeMounts`, set `mountVarLogDirectory` to true +- If you have the `varlibdockercontainers` mount point defined and enabled under both `volumes` and `volumeMounts`, set `mountDockerContainersDirectory` to true +- Remove the previous default volume and volume mount definitions - `etcfluentd-main`, `etcfluentd-config`, `varlog`, and `varlibdockercontainers` +- Remove the `FLUENTD_CONF` entry from the `env:` list ## Chart Values diff --git a/charts/kubezero-logging/charts/fluentd/templates/_helpers.tpl b/charts/kubezero-logging/charts/fluentd/templates/_helpers.tpl index ffef2ac..72e878d 100644 --- a/charts/kubezero-logging/charts/fluentd/templates/_helpers.tpl +++ b/charts/kubezero-logging/charts/fluentd/templates/_helpers.tpl @@ -61,3 +61,32 @@ Create the name of the service account to use {{ default "default" .Values.serviceAccount.name }} {{- end -}} {{- end -}} + +{{/* +Shortened version of the releaseName, applied as a suffix to numerous resources. +*/}} +{{- define "fluentd.shortReleaseName" -}} +{{- .Release.Name | trunc 35 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Name of the configMap used for the fluentd.conf configuration file; allows users to override the default. +*/}} +{{- define "fluentd.mainConfigMapName" -}} +{{- if .Values.mainConfigMapNameOverride -}} + {{ .Values.mainConfigMapNameOverride }} +{{- else -}} + {{ printf "%s-%s" "fluentd-main" ( include "fluentd.shortReleaseName" . ) }} +{{- end -}} +{{- end -}} + +{{/* +Name of the configMap used for additional configuration files; allows users to override the default. +*/}} +{{- define "fluentd.extraFilesConfigMapName" -}} +{{- if .Values.extraFilesConfigMapNameOverride -}} + {{ printf "%s" .Values.extraFilesConfigMapNameOverride }} +{{- else -}} + {{ printf "%s-%s" "fluentd-config" ( include "fluentd.shortReleaseName" . ) }} +{{- end -}} +{{- end -}} diff --git a/charts/kubezero-logging/charts/fluentd/templates/_pod.tpl b/charts/kubezero-logging/charts/fluentd/templates/_pod.tpl index db217d6..f77fb2f 100644 --- a/charts/kubezero-logging/charts/fluentd/templates/_pod.tpl +++ b/charts/kubezero-logging/charts/fluentd/templates/_pod.tpl @@ -33,13 +33,15 @@ containers: {{- end }} exec /fluentd/entrypoint.sh {{- end }} - {{- if .Values.env }} env: - {{- toYaml .Values.env | nindent 6 }} - {{- end }} + - name: FLUENTD_CONF + value: "../../../etc/fluent/fluent.conf" + {{- if .Values.env }} + {{- toYaml .Values.env | nindent 4 }} + {{- end }} {{- if .Values.envFrom }} envFrom: - {{- toYaml .Values.envFrom | nindent 6 }} + {{- toYaml .Values.envFrom | nindent 4 }} {{- end }} ports: - name: metrics @@ -61,23 +63,58 @@ containers: resources: {{- toYaml .Values.resources | nindent 8 }} volumeMounts: - {{- toYaml .Values.volumeMounts | nindent 6 }} - {{- range $key := .Values.configMapConfigs }} - {{- print "- name: fluentd-custom-cm-" $key | nindent 6 }} - {{- print "mountPath: /etc/fluent/" $key ".d" | nindent 8 }} - {{- end }} - {{- if .Values.persistence.enabled }} - - mountPath: /var/log/fluent - name: {{ include "fluentd.fullname" . }}-buffer - {{- end }} + - name: etcfluentd-main + mountPath: /etc/fluent + - name: etcfluentd-config + mountPath: /etc/fluent/config.d/ + {{- if .Values.mountVarLogDirectory }} + - name: varlog + mountPath: /var/log + {{- end }} + {{- if .Values.mountDockerContainersDirectory }} + - name: varlibdockercontainers + mountPath: /var/lib/docker/containers + readOnly: true + {{- end }} + {{- if .Values.volumeMounts -}} + {{- toYaml .Values.volumeMounts | nindent 4 }} + {{- end -}} + {{- range $key := .Values.configMapConfigs }} + {{- print "- name: " $key | nindent 4 }} + {{- print "mountPath: /etc/fluent/" $key ".d" | nindent 6 }} + {{- end }} + {{- if .Values.persistence.enabled }} + - mountPath: /var/log/fluent + name: {{ include "fluentd.fullname" . }}-buffer + {{- end }} volumes: - {{- toYaml .Values.volumes | nindent 2 }} - {{- range $key := .Values.configMapConfigs }} - {{- print "- name: fluentd-custom-cm-" $key | nindent 2 }} - configMap: - {{- print "name: " . | nindent 6 }} - defaultMode: 0777 - {{- end }} +- name: etcfluentd-main + configMap: + name: {{ include "fluentd.mainConfigMapName" . }} + defaultMode: 0777 +- name: etcfluentd-config + configMap: + name: {{ include "fluentd.extraFilesConfigMapName" . }} + defaultMode: 0777 +{{- if .Values.mountVarLogDirectory }} +- name: varlog + hostPath: + path: /var/log +{{- end }} +{{- if .Values.mountDockerContainersDirectory }} +- name: varlibdockercontainers + hostPath: + path: /var/lib/docker/containers +{{- end }} +{{- if .Values.volumes -}} +{{- toYaml .Values.volumes | nindent 0 }} +{{- end -}} +{{- range $key := .Values.configMapConfigs }} +{{- print "- name: " $key | nindent 0 }} + configMap: + {{- print "name: " $key "-" ( include "fluentd.shortReleaseName" $ ) | nindent 4 }} + defaultMode: 0777 +{{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 2 }} diff --git a/charts/kubezero-logging/charts/fluentd/templates/clusterrole.yaml b/charts/kubezero-logging/charts/fluentd/templates/clusterrole.yaml index 6d2b53f..bc0a572 100644 --- a/charts/kubezero-logging/charts/fluentd/templates/clusterrole.yaml +++ b/charts/kubezero-logging/charts/fluentd/templates/clusterrole.yaml @@ -15,6 +15,7 @@ rules: - get - list - watch + {{- if and .Values.podSecurityPolicy.enabled (semverCompare "<1.25-0" .Capabilities.KubeVersion.GitVersion) }} - apiGroups: - policy resourceNames: @@ -23,4 +24,5 @@ rules: - podsecuritypolicies verbs: - use + {{- end }} {{- end -}} diff --git a/charts/kubezero-logging/charts/fluentd/templates/configmap-dashboards.yaml b/charts/kubezero-logging/charts/fluentd/templates/configmap-dashboards.yaml index ce047b0..de0d5cf 100644 --- a/charts/kubezero-logging/charts/fluentd/templates/configmap-dashboards.yaml +++ b/charts/kubezero-logging/charts/fluentd/templates/configmap-dashboards.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: dashboard-{{ trimSuffix ".json" (base $path) }} + name: dashboard-{{ trimSuffix ".json" (base $path) }}-{{ include "fluentd.shortReleaseName" $ }} namespace: {{ $.Values.dashboards.namespace | default $.Release.Namespace }} labels: {{- include "fluentd.labels" $ | nindent 4 }} diff --git a/charts/kubezero-logging/charts/fluentd/templates/files.conf/prometheus.yaml b/charts/kubezero-logging/charts/fluentd/templates/files.conf/prometheus.yaml index 2b9be3c..e063d10 100644 --- a/charts/kubezero-logging/charts/fluentd/templates/files.conf/prometheus.yaml +++ b/charts/kubezero-logging/charts/fluentd/templates/files.conf/prometheus.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: labels: {{- include "fluentd.labels" . | nindent 4 }} - name: fluentd-prometheus-conf + name: fluentd-prometheus-conf-{{ include "fluentd.shortReleaseName" . }} data: prometheus.conf: |- diff --git a/charts/kubezero-logging/charts/fluentd/templates/fluentd-configurations-cm.yaml b/charts/kubezero-logging/charts/fluentd/templates/fluentd-configurations-cm.yaml index 97e7613..f0c65af 100644 --- a/charts/kubezero-logging/charts/fluentd/templates/fluentd-configurations-cm.yaml +++ b/charts/kubezero-logging/charts/fluentd/templates/fluentd-configurations-cm.yaml @@ -1,7 +1,9 @@ +{{- if not .Values.extraFilesConfigMapNameOverride }} +--- apiVersion: v1 kind: ConfigMap metadata: - name: fluentd-config + name: fluentd-config-{{ include "fluentd.shortReleaseName" . }} labels: {{- include "fluentd.labels" . | nindent 4 }} data: @@ -9,13 +11,14 @@ data: {{$key }}: |- {{- (tpl $value $) | nindent 4 }} {{- end }} +{{- end }} +{{- if not .Values.mainConfigMapNameOverride }} --- - apiVersion: v1 kind: ConfigMap metadata: - name: fluentd-main + name: fluentd-main-{{ include "fluentd.shortReleaseName" . }} labels: {{- include "fluentd.labels" . | nindent 4 }} data: @@ -32,3 +35,4 @@ data: {{- range $key := .Values.configMapConfigs }} {{- print "@include " $key ".d/*" | nindent 4 }} {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/kubezero-logging/charts/fluentd/templates/podsecuritypolicy.yaml b/charts/kubezero-logging/charts/fluentd/templates/podsecuritypolicy.yaml index 5b3f4e9..f0ebc0a 100644 --- a/charts/kubezero-logging/charts/fluentd/templates/podsecuritypolicy.yaml +++ b/charts/kubezero-logging/charts/fluentd/templates/podsecuritypolicy.yaml @@ -1,4 +1,4 @@ -{{- if .Values.podSecurityPolicy.enabled }} +{{- if and .Values.podSecurityPolicy.enabled (semverCompare "<1.25-0" .Capabilities.KubeVersion.GitVersion) -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: @@ -25,7 +25,7 @@ spec: - 'persistentVolumeClaim' {{- end }} runAsUser: - rule: 'RunAsAny' + rule: 'RunAsAny' seLinux: rule: 'RunAsAny' supplementalGroups: @@ -39,4 +39,4 @@ spec: - min: 1 max: 65535 readOnlyRootFilesystem: false -{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/kubezero-logging/charts/fluentd/values.yaml b/charts/kubezero-logging/charts/fluentd/values.yaml index ebee339..9f47d78 100644 --- a/charts/kubezero-logging/charts/fluentd/values.yaml +++ b/charts/kubezero-logging/charts/fluentd/values.yaml @@ -27,8 +27,9 @@ serviceAccount: rbac: create: true -# Configure podsecuritypolicy -# Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +# from Kubernetes 1.25, PSP is deprecated +# See: https://kubernetes.io/blog/2022/08/23/kubernetes-v1-25-release/#pod-security-changes +# We automatically disable PSP if Kubernetes version is 1.25 or higher podSecurityPolicy: enabled: true annotations: {} @@ -163,9 +164,9 @@ updateStrategy: {} # maxUnavailable: 1 ## Additional environment variables to set for fluentd pods -env: -- name: "FLUENTD_CONF" - value: "../../../etc/fluent/fluent.conf" +env: [] + # - name: "FLUENTD_CONF" + # value: "../../../etc/fluent/fluent.conf" # - name: FLUENT_ELASTICSEARCH_HOST # value: "elasticsearch-master" # - name: FLUENT_ELASTICSEARCH_PORT @@ -175,32 +176,19 @@ envFrom: [] initContainers: [] -volumes: -- name: varlog - hostPath: - path: /var/log -- name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers -- name: etcfluentd-main - configMap: - name: fluentd-main - defaultMode: 0777 -- name: etcfluentd-config - configMap: - name: fluentd-config - defaultMode: 0777 +## Name of the configMap containing a custom fluentd.conf configuration file to use instead of the default. +# mainConfigMapNameOverride: "" -volumeMounts: -- name: varlog - mountPath: /var/log -- name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true -- name: etcfluentd-main - mountPath: /etc/fluent -- name: etcfluentd-config - mountPath: /etc/fluent/config.d/ +## Name of the configMap containing files to be placed under /etc/fluent/config.d/ +## NOTE: This will replace ALL default files in the aforementioned path! +# extraFilesConfigMapNameOverride: "" + +mountVarLogDirectory: true +mountDockerContainersDirectory: true + +volumes: [] + +volumeMounts: [] ## Only available if kind is StatefulSet ## Fluentd persistence @@ -295,9 +283,9 @@ plugins: [] ## Add fluentd config files from K8s configMaps ## -configMapConfigs: - - fluentd-prometheus-conf -# - fluentd-systemd-conf +configMapConfigs: [] +# - fluentd-prometheus-conf +# - fluentd-systemd-conf ## Fluentd configurations: ## diff --git a/charts/kubezero-logging/fluentd.patch b/charts/kubezero-logging/fluentd.patch index 0fa7332..f1c52a9 100644 --- a/charts/kubezero-logging/fluentd.patch +++ b/charts/kubezero-logging/fluentd.patch @@ -1,90 +1,3 @@ -diff -tubrN charts/fluentd/templates/files.conf/systemd.yaml charts/fluentd.zdt/templates/files.conf/systemd.yaml ---- charts/fluentd/templates/files.conf/systemd.yaml 2021-02-12 18:13:04.000000000 +0100 -+++ charts/fluentd.zdt/templates/files.conf/systemd.yaml 1970-01-01 01:00:00.000000000 +0100 -@@ -1,83 +0,0 @@ --apiVersion: v1 --kind: ConfigMap --metadata: -- labels: -- {{- include "fluentd.labels" . | nindent 4 }} -- name: fluentd-systemd-conf --data: -- systemd.conf: |- -- -- @type systemd -- @id in_systemd_internal_kubernetes -- @label @KUBERNETES_SYSTEM -- matches [{"_SYSTEMD_UNIT":"kubelet.service"},{"_SYSTEMD_UNIT":"kube-apiserver.service"},{"_SYSTEMD_UNIT":"kube-controller-manager.service"},{"_SYSTEMD_UNIT":"kube-proxy.service"},{"_SYSTEMD_UNIT":"kube-scheduler.service"}] -- read_from_head true -- tag "internal-kubernetes.systemd" -- -- @type "local" -- persistent true -- path "/var/log/fluentd-journald-internal_kubernetes-cursor.json" -- -- -- fields_strip_underscores true -- field_map {"MESSAGE": "message", "_TRANSPORT": "stream", "_SYSTEMD_UNIT": "systemd_unit", "_HOSTNAME": "hostname"} -- field_map_strict true -- -- -- -- -- @type systemd -- @id in_systemd_etcd -- @label @KUBERNETES_SYSTEM -- matches [{"_SYSTEMD_UNIT":"etcd.service"}] -- read_from_head true -- tag "etcd.systemd" -- -- @type "local" -- persistent true -- path "/var/log/fluentd-journald-internal_etcd-cursor.json" -- -- -- fields_strip_underscores true -- field_map {"MESSAGE": "message", "_TRANSPORT": "stream", "_SYSTEMD_UNIT": "systemd_unit", "_HOSTNAME": "hostname"} -- field_map_strict true -- -- -- -- diff -tubrN charts/fluentd/templates/fluentd-configurations-cm.yaml charts/fluentd.zdt/templates/fluentd-configurations-cm.yaml --- charts/fluentd/templates/fluentd-configurations-cm.yaml 2021-02-12 18:13:04.000000000 +0100 +++ charts/fluentd.zdt/templates/fluentd-configurations-cm.yaml 2021-03-09 17:54:34.904992401 +0100 diff --git a/charts/kubezero-logging/update.sh b/charts/kubezero-logging/update.sh index 7f648f5..0a4f8f8 100755 --- a/charts/kubezero-logging/update.sh +++ b/charts/kubezero-logging/update.sh @@ -11,13 +11,17 @@ patch_chart eck-operator # fix ECK crds handling to adhere to proper helm v3 support which also fixes ArgoCD applying updates on upgrades mkdir charts/eck-operator/crds -helm template charts/eck-operator/charts/eck-operator-crds --name-template logging > charts/eck-operator/crds/all-crds.yaml +helm template charts/eck-operator/charts/eck-operator-crds --name-template logging --kube-version 1.26 > charts/eck-operator/crds/all-crds.yaml rm -rf charts/eck-operator/charts yq eval -Mi 'del(.dependencies)' charts/eck-operator/Chart.yaml +# fluent-bit +patch_chart fluent-bit + # FluentD patch_chart fluentd +rm -f charts/fluentd/templates/files.conf/systemd.yaml # Fetch dashboards from Grafana.com and update ZDT CM ../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/fluent-bit/grafana-dashboards.yaml diff --git a/charts/kubezero-logging/values.yaml b/charts/kubezero-logging/values.yaml index 7c62d8e..dde7e71 100644 --- a/charts/kubezero-logging/values.yaml +++ b/charts/kubezero-logging/values.yaml @@ -244,7 +244,7 @@ fluent-bit: image: #repository: public.ecr.aws/zero-downtime/fluent-bit - tag: 2.0.10 + #tag: 2.0.10 testFramework: enabled: false diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index 120bc27..64b84e1 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -93,7 +93,7 @@ metrics: logging: enabled: false namespace: logging - targetRevision: 0.8.6 + targetRevision: 0.8.7 argocd: enabled: false