openstack/openstack-helm-infra
Code Issues Proposed changes
openstack-helm-infra/fluentd/templates/deployment-fluentd.yaml
Steve Wilkerson aee9708b06 Fluentd: Update configuration defaults and overrides 
This updates the default fluentd configuration to include
recommended settings for preventing the elasticsearch plugin from
reloading the connection after 10000 requests (default for the
ruby gem). This also updates the configuration overrides for the
fluentd-daemonset deployment to provide input parity with the
default fluentbit configuration by adding inputs for the docker
and kubelet systemd units, inputs for ceph, libvirt, kernel logs,
and auth logs on the host.  Finally, this updates the fluentd
template to include environment variables for the host name and
the fluentd pod name so they can be added to logged events through
fluentd filter plugins

Change-Id: I21f7a89a325c44f8b058ff01a20191bea1a210b4
Signed-off-by: Steve Wilkerson <sw5822@att.com>
2019-06-03 16:00:44 +00:00

211 lines
8.0 KiB
YAML
Raw Blame History

{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_fluentd }}
{{- $envAll := . }}
{{- $mounts_fluentd := .Values.pod.mounts.fluentd.fluentd }}
{{- $rcControllerName := printf "%s-%s" $envAll.Release.Name "fluentd" }}
{{ tuple $envAll "fluentd" $rcControllerName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ $rcControllerName | quote }}
subjects:
- kind: ServiceAccount
name: {{ $rcControllerName | quote }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ $rcControllerName | quote }}
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ $rcControllerName | quote }}
rules:
- apiGroups:
- ""
resources:
- namespaces
- nodes
- pods
- services
- replicationcontrollers
- limitranges
verbs:
- list
- watch
- apiGroups:
- extensions
resources:
- daemonsets
- deployments
- replicasets
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- get
- list
- watch
---
{{- if eq .Values.deployment.type "Deployment" }}
apiVersion: apps/v1
kind: Deployment
{{- else if eq .Values.deployment.type "DaemonSet" }}
apiVersion: apps/v1
kind: DaemonSet
{{- end }}
metadata:
name: {{ $rcControllerName | quote }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "fluentd" "internal" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
{{- if eq .Values.deployment.type "Deployment" }}
replicas: {{ .Values.pod.replicas.fluentd }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
{{- end }}
selector:
matchLabels:
{{ tuple $envAll "fluentd" "internal" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
template:
metadata:
labels:
{{ tuple $envAll "fluentd" "internal" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
{{ dict "envAll" $envAll "application" "fluentd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $rcControllerName | quote }}
{{ if and ($envAll.Values.pod.tolerations.fluentd.enabled) (eq .Values.deployment.type "DaemonSet") }}
{{ tuple $envAll "fluentd" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
{{- if eq .Values.deployment.type "Deployment" }}
affinity:
{{ tuple $envAll "fluentd" "internal" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
{{- end }}
nodeSelector:
{{ .Values.labels.fluentd.node_selector_key }}: {{ .Values.labels.fluentd.node_selector_value | quote }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.fluentd.timeout | default "30" }}
initContainers:
{{ tuple $envAll "fluentd" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: fluentd
{{ tuple $envAll "fluentd" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.fluentd | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "fluentd" "container" "fluentd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- /tmp/fluentd.sh
- start
ports:
- name: forward
containerPort: {{ tuple "fluentd" "internal" "service" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: metrics
containerPort: {{ tuple "fluentd" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
readinessProbe:
tcpSocket:
port: {{ tuple "fluentd" "internal" "service" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 20
periodSeconds: 10
livenessProbe:
tcpSocket:
port: {{ tuple "fluentd" "internal" "service" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 60
timeoutSeconds: 10
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: FLUENTD_PORT
value: {{ tuple "fluentd" "internal" "service" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: ELASTICSEARCH_HOST
value: {{ tuple "elasticsearch" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" | quote }}
- name: ELASTICSEARCH_PORT
value: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: ELASTICSEARCH_USERNAME
valueFrom:
secretKeyRef:
name: {{ printf "%s-%s" $envAll.Release.Name "elasticsearch-user" | quote }}
key: ELASTICSEARCH_USERNAME
- name: ELASTICSEARCH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ printf "%s-%s" $envAll.Release.Name "elasticsearch-user" | quote }}
key: ELASTICSEARCH_PASSWORD
volumeMounts:
- name: pod-tmp
mountPath: /tmp
{{- if eq .Values.deployment.type "DaemonSet" }}
- name: varlog
mountPath: /var/log
readOnly: true
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
{{- end }}
- name: pod-etc-fluentd
mountPath: /fluentd/etc
- name: fluentd-etc
mountPath: /fluentd/etc/fluent.conf
subPath: fluent.conf
readOnly: true
- name: fluentd-bin
mountPath: /tmp/fluentd.sh
subPath: fluentd.sh
readOnly: true
{{- if $mounts_fluentd.volumeMounts }}{{ toYaml $mounts_fluentd.volumeMounts | indent 12 }}{{- end }}
volumes:
- name: pod-tmp
emptyDir: {}
{{- if eq .Values.deployment.type "DaemonSet" }}
- name: varlog
hostPath:
path: /var/log
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
{{- end }}
- name: pod-etc-fluentd
emptyDir: {}
- name: fluentd-etc
secret:
secretName: {{ printf "%s-%s" $envAll.Release.Name "fluentd-etc" | quote }}
defaultMode: 0444
- name: fluentd-bin
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "fluentd-bin" | quote }}
defaultMode: 0555
{{- if $mounts_fluentd.volumes }}{{ toYaml $mounts_fluentd.volumes | indent 8 }}{{- end }}
{{- end }}
View Git Blame Copy Permalink