[bitnami/fluentd] Add missing features from stable/fluentd (#4215)

* Add missing features from stable/fluentd

* Add Chart.lock

* Linting

* Add ingress

* add kubeversion parameter

* Document variables in the README

* Add missing entry and secrets

* Update dependency

* Fix ingress backend
This commit is contained in:
Alejandro Moreno
2021-01-15 17:25:56 +01:00
committed by GitHub
parent 91f94a3def
commit f8f81a3c89
11 changed files with 711 additions and 165 deletions

@@ -1,6 +1,6 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: 1.2.3
digest: sha256:3fc1fbf3ae204e0121f1e202d6d57f9381f3a45d8821647d1dfe0a475644da0c
generated: "2021-01-05T04:35:50.85829828Z"
version: 1.3.3
digest: sha256:264db18c8d0962b5c4340840f62306f45fe8d2c1c8999dd41c0f2d62fc93a220
generated: "2021-01-15T15:44:14.800715014Z"

@@ -25,4 +25,4 @@ name: fluentd
sources:
- https://github.com/bitnami/bitnami-docker-fluentd
- https://www.fluentd.org/
version: 3.3.0
version: 3.4.0

@@ -59,6 +59,7 @@ The following tables lists the configurable parameters of the fluentd chart and
| `image.tag` | Fluentd image tag | `{TAG_NAME}` |
| `image.pullPolicy` | Fluentd image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `nil` |
| `nameOverride` | String to partially override fluentd.fullname template with a string (will prepend the release name) | `nil` |
| `fullnameOverride` | String to fully override fluentd.fullname template with a string | `nil` |
| `clusterDomain` | Kubernetes DNS domain name to use | `cluster.local` |
@@ -74,6 +75,7 @@ The following tables lists the configurable parameters of the fluentd chart and
| `forwarder.containerSecurityContext.*` | Other container security context to be included as-is in pod spec | `{ "privileged" : false, "allowPrivilegeEscalation": false, "capabilities": { "drop": ["ALL"] } }` |
| `forwarder.configFile` | Name of the config file that will be used by Fluentd at launch under the `/opt/bitnami/fluentd/conf` directory | `fluentd.conf` |
| `forwarder.configMap` | Name of the config map that contains the Fluentd configuration files | `nil` |
| `forwarder.configMapFiles` | Files to be added to be config map. Ignored if `forwarder.configMap` is set | `Check values.yaml` |
| `forwarder.extraArgs` | Extra arguments for the Fluentd command line | `nil` |
| `forwarder.priorityClassName` | Set Pods Priority Class | `nil` |
| `forwarder.extraEnv` | Extra environment variables to pass to the container | `[]` |
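
Review bot: the new `forwarder.configMapFiles` row reads "Files to be added to be config map"; it should read "to the config map", and the `aggregator.configMapFiles` row in the next hunk has the same slip. Both ConfigMap templates in this commit render each file through `fluentd.tplValue`, so the description should also state that the file contents are evaluated as a Helm template.
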
@@ -131,6 +133,7 @@ The following tables lists the configurable parameters of the fluentd chart and
| `aggregator.containerSecurityContext.*` | Other container security context to be included as-is in pod spec | `{ "privileged" : false, "allowPrivilegeEscalation": false, "capabilities": { "drop": ["ALL"] } }` |
| `aggregator.configFile` | Name of the config file that will be used by Fluentd at launch under the `/opt/bitnami/fluentd/conf` directory | `fluentd.conf` |
| `aggregator.configMap` | Name of the config map that contains the Fluentd configuration files | `nil` |
| `aggregator.configMapFiles` | Files to be added to be config map. Ignored if `aggregator.configMap` is set | `Check values.yaml` |
| `aggregator.port` | Kubernetes Service port - Fluentd transport port for the aggregators | `24224` |
| `aggregator.extraArgs` | Extra arguments for the Fluentd command line | `nil` |
| `aggregator.extraEnv` | Extra environment variables to pass to the container | `[]` |
@@ -141,6 +144,21 @@ The following tables lists the configurable parameters of the fluentd chart and
| `aggregator.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` |
| `aggregator.service.clusterIP` | Static clusterIP or None for headless services | `nil` |
| `aggregator.service.annotations` | Annotations for the aggregator service | `{}` |
| `aggregator.ingress.enabled` | Enable ingress controller resource | `false` |
| `aggregator.ingress.certManager` | Add annotations for cert-manager | `false` |
| `aggregator.ingress.hostname` | Default host for the ingress resource | `wordpress.local` |
| `aggregator.ingress.path` | Default path for the ingress resource | `/` |
| `aggregator.ingress.pathType` | How the path matching is interpreted | `ImplementationSpecific` |
| `aggregator.ingress.tls` | Create TLS Secret | `false` |
| `aggregator.ingress.annotations` | Ingress annotations | `[]` (evaluated as a template) |
| `aggregator.ingress.extraHosts[0].name` | Additional hostnames to be covered | `nil` |
| `aggregator.ingress.extraHosts[0].path` | Additional hostnames to be covered | `nil` |
| `aggregator.ingress.extraPaths` | Additional arbitrary path/backend objects | `nil` |
| `aggregator.ingress.extraTls[0].hosts[0]` | TLS configuration for additional hostnames to be covered | `nil` |
| `aggregator.ingress.extraTls[0].secretName` | TLS configuration for additional hostnames to be covered | `nil` |
| `aggregator.ingress.secrets[0].name` | TLS Secret Name | `nil` |
| `aggregator.ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` |
| `aggregator.ingress.secrets[0].key` | TLS Secret Key | `nil` |
| `aggregator.persistence.enabled` | Enable persistence volume for the aggregator | `false` |
| `aggregator.persistence.storageClass` | Persistent Volume storage class | `nil` |
| `aggregator.persistence.accessMode` | Persistent Volume access mode | `ReadWriteOnce` |
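
Review bot: the `aggregator.ingress.hostname` row documents the default as `wordpress.local`, but both values files in this commit set `hostname: fluentd.local`. In the same block, `aggregator.ingress.annotations` is listed as `[]` while the values files use `{}`, the `extraHosts[0].path` row repeats the hostname description instead of describing the path, and the `aggregator.ingress.apiVersion` key added to the values files has no row at all.
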
@@ -173,6 +191,10 @@ The following tables lists the configurable parameters of the fluentd chart and
| `aggregator.serviceAccount.create` | Specify whether a ServiceAccount should be created. | `false` |
| `aggregator.serviceAccount.name` | The name of the ServiceAccount to create | Generated using the `fluentd.fullname` template |
| `aggregator.serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` |
| `aggregator.autoscaling.enabled` | Create an Horizontal Pod Autoscaler | `false` |
| `aggregator.autoscaling.minReplicas` | Minimum number of replicas for the HPA | `2` |
| `aggregator.autoscaling.maxReplicas` | Maximum number of replicas for the HPA | `5` |
| `aggregator.autoscaling.metrics` | Metrics for the HPA to manage the scaling | `Check values.yaml` |
| `aggregator.initContainers` | Additional init containers to add to the pods | `[]` |
| `aggregator.sidecars` | Add additional containers to the pods | `[]` |
| `aggregator.extraVolumes` | Extra volumes | `nil` |

@@ -126,6 +126,7 @@ Validate data
{{- define "fluentd.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "fluentd.validateValues.deployment" .) -}}
{{- $messages := append $messages (include "fluentd.validateValues.ingress" .) -}}
{{- $messages := append $messages (include "fluentd.validateValues.rbac" .) -}}
{{- $messages := append $messages (include "fluentd.validateValues.serviceAccount" .) -}}
{{- $messages := without $messages "" -}}
@@ -144,6 +145,25 @@ fluentd:
{{- end -}}
{{- end -}}
{{/* Validate values of Fluentd - if the aggregator index is enabled there must be a port named http in the service */}}
{{- define "fluentd.validateValues.ingress" -}}
{{- if and .Values.aggregator.enabled .Values.aggregator.ingress.enabled (not .Values.aggregator.service.ports.http)}}
fluentd:
You have enabled the Ingress for the aggregator. The aggregator service needs to have a port named http for the Ingress to work.
Please, define it in your `values.yaml` file. For example:
aggregator:
service:
type: ClusterIP
ports:
http:
port: 9880
targetPort: http
protocol: TCP
{{- end -}}
{{- end -}}
{{/* Validate values of Fluentd - must create serviceAccount to create enable RBAC */}}
{{- define "fluentd.validateValues.rbac" -}}
{{- if not (typeIs "<nil>" .Values.rbac.create) -}}
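
Review bot: the comment above `fluentd.validateValues.ingress` says "if the aggregator index is enabled"; it should say "ingress". The check also covers only the missing `http` port: with `aggregator.ingress.tls: true`, `certManager: false` and an empty `aggregator.ingress.secrets`, validation passes and the Ingress references a `<hostname>-tls` secret that this chart does not create. A warning for that combination would catch the misconfiguration at install time.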

@@ -6,60 +6,8 @@ metadata:
labels: {{- include "fluentd.labels" . | nindent 4 }}
app.kubernetes.io/component: aggregator
data:
fluentd.conf: |
{{- if .Values.metrics.enabled -}}
# Prometheus Exporter Plugin
# input plugin that exports metrics
<source>
@type prometheus
port {{ .Values.metrics.service.port }}
</source>
# input plugin that collects metrics from MonitorAgent
<source>
@type prometheus_monitor
<labels>
host ${hostname}
</labels>
</source>
# input plugin that collects metrics for output plugin
<source>
@type prometheus_output_monitor
<labels>
host ${hostname}
</labels>
</source>
{{- end }}
# Ignore fluentd own events
<match fluent.**>
@type null
</match>
# TCP input to receive logs from
{{- if and .Values.aggregator.port }}
<source>
@type forward
bind 0.0.0.0
port {{ .Values.aggregator.port }}
</source>
{{- end }}
# HTTP input for the liveness and readiness probes
<source>
@type http
bind 0.0.0.0
port 9880
</source>
# Throw the healthcheck to the standard output instead of forwarding it
<match fluentd.healthcheck>
@type stdout
</match>
# Send the logs to the standard output
<match **>
@type stdout
</match>
{{- range $key, $value := .Values.aggregator.configMapFiles }}
{{ $key }}: |
{{- include "fluentd.tplValue" (dict "value" $value "context" $) | nindent 4 }}
{{- end }}
{{- end -}}

@@ -0,0 +1,20 @@
{{- if .Values.aggregator.autoscaling.enabled }}
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "fluentd.fullname" . }}-aggregator-hpa
labels: {{- include "fluentd.labels" . | nindent 4 }}
app.kubernetes.io/component: aggregator
{{- if .Values.aggregator.annotations }}
annotations: {{- include "fluentd.tplValue" (dict "value" .Values.aggregator.annotations "context" $) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: StatefulSet
name: {{ include "fluentd.fullname" . }}
minReplicas: {{ .Values.aggregator.autoscaling.minReplicas }}
maxReplicas: {{ .Values.aggregator.autoscaling.maxReplicas }}
metrics:
{{- include "fluentd.tplValue" (dict "value" .Values.aggregator.autoscaling.metrics "context" $) | nindent 4 }}
{{- end }}
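
Review bot: the guard on the first line tests only `.Values.aggregator.autoscaling.enabled`, whereas the Ingress template in this commit also requires `.Values.aggregator.enabled`; with the aggregator disabled this can render an HPA whose `scaleTargetRef` names a StatefulSet that may not exist. Suggest `{{- if and .Values.aggregator.enabled .Values.aggregator.autoscaling.enabled }}`. `autoscaling/v2beta2` is also hard-coded here while the Ingress template picks its API version through a capabilities helper, so the new `kubeVersion` value has no effect on this resource.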

@@ -6,105 +6,8 @@ metadata:
labels: {{- include "fluentd.labels" . | nindent 4 }}
app.kubernetes.io/component: forwarder
data:
fluentd.conf: |
{{- if .Values.metrics.enabled -}}
# Prometheus Exporter Plugin
# input plugin that exports metrics
<source>
@type prometheus
port {{ .Values.metrics.service.port }}
</source>
# input plugin that collects metrics from MonitorAgent
<source>
@type prometheus_monitor
<labels>
host ${hostname}
</labels>
</source>
# input plugin that collects metrics for output plugin
<source>
@type prometheus_output_monitor
<labels>
host ${hostname}
</labels>
</source>
# input plugin that collects metrics for in_tail plugin
<source>
@type prometheus_tail_monitor
<labels>
host ${hostname}
</labels>
</source>
{{- end }}
# Ignore fluentd own events
<match fluent.**>
@type null
</match>
# HTTP input for the liveness and readiness probes
<source>
@type http
port 9880
</source>
# Throw the healthcheck to the standard output instead of forwarding it
<match fluentd.healthcheck>
@type stdout
</match>
# Get the logs from the containers running in the node
<source>
@type tail
path /var/log/containers/*.log
# exclude Fluentd logs
exclude_path /var/log/containers/*fluentd*.log
pos_file /opt/bitnami/fluentd/logs/buffers/fluentd-docker.pos
tag kubernetes.*
read_from_head true
<parse>
@type regexp
expression /^(?<time>.+) (?<stream>stdout|stderr) [^ ]* (?<log>.*)$/
time_format %Y-%m-%dT%H:%M:%S.%NZ
</parse>
</source>
# enrich with kubernetes metadata
<filter kubernetes.**>
@type kubernetes_metadata
</filter>
{{ if .Values.aggregator.enabled }}
# Forward all logs to the aggregators
<match **>
@type forward
{{- $fullName := (include "fluentd.fullname" .) }}
{{- $global := . }}
{{- $domain := default "cluster.local" .Values.clusterDomain }}
{{- $port := .Values.aggregator.port | int }}
{{- range $i, $e := until (.Values.aggregator.replicaCount | int) }}
<server>
{{ printf "host %s-%d.%s-headless.%s.svc.%s" $fullName $i $fullName $global.Release.Namespace $domain }}
{{ printf "port %d" $port }}
{{- if ne $i 0 }}
standby
{{- end }}
</server>
{{- end}}
<buffer>
@type file
path /opt/bitnami/fluentd/logs/buffers/logs.buffer
flush_thread_count 2
flush_interval 5s
</buffer>
</match>
{{- else }}
# Send the logs to the standard output
<match **>
@type stdout
</match>
{{- end -}}
{{- range $key, $value := .Values.forwarder.configMapFiles }}
{{ $key }}: |
{{- include "fluentd.tplValue" (dict "value" $value "context" $) | nindent 4 }}
{{- end }}
{{- end -}}

@@ -0,0 +1,56 @@
{{- if and .Values.aggregator.enabled .Values.aggregator.ingress.enabled }}
{{- $serviceName := printf "%s-aggregator" (include "fluentd.fullname" .) -}}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ include "fluentd.fullname" . }}-aggregator
labels: {{- include "fluentd.labels" . | nindent 4 }}
app.kubernetes.io/component: aggregator
app: aggregator
annotations:
{{- if .Values.aggregator.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
{{- if .Values.aggregator.ingress.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.aggregator.ingress.annotations "context" $) | nindent 4 }}
{{- end }}
spec:
rules:
{{- if .Values.aggregator.ingress.hostname }}
- host: {{ .Values.aggregator.ingress.hostname }}
http:
paths:
{{- if .Values.aggregator.ingress.extraPaths }}
{{- toYaml .Values.aggregator.ingress.extraPaths | nindent 10 }}
{{- end }}
- path: {{ .Values.aggregator.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.aggregator.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" "$serviceName" "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- range .Values.aggregator.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" "$serviceName" "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- if or .Values.aggregator.ingress.tls .Values.aggregator.ingress.extraTls }}
tls:
{{- if .Values.aggregator.ingress.tls }}
- hosts:
- {{ .Values.aggregator.ingress.hostname }}
{{- range .Values.aggregator.ingress.extraHosts }}
- {{ .name }}
{{- end }}
secretName: {{ printf "%s-tls" .Values.aggregator.ingress.hostname }}
{{- end }}
{{- if .Values.aggregator.ingress.extraTls }}
{{- include "common.tplvalues.render" ( dict "value" .Values.aggregator.ingress.extraTls "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
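
Review bot: both `backend:` lines pass `"serviceName" "$serviceName"`, a quoted string, so `common.ingress.backend` receives the literal text `$serviceName` instead of the `<fullname>-aggregator` value computed on the second line of the file. Go templates do not interpolate variables inside string literals; drop the quotes and pass `"serviceName" $serviceName` in both the main rule and the `extraHosts` loop. Separately, `host: {{ .Values.aggregator.ingress.hostname }}` is emitted unquoted while the `extraHosts` entries use `| quote`; quoting both keeps the rendering consistent.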

@@ -1,3 +1,24 @@
{{- if and .Values.aggregator.ingress.enabled .Values.aggregator.ingress.secrets }}
{{- range .Values.aggregator.ingress.secrets }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ $.Release.Namespace }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
{{- if $.Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .certificate | b64enc }}
tls.key: {{ .key | b64enc }}
---
{{- end }}
{{- end }}
{{- if and (not .Values.tls.existingSecret) ( .Values.tls.enabled) }}
apiVersion: v1
kind: Secret
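
Review bot: `tls.key: {{ .key | b64enc }}` takes the private key straight from chart values, so the key sits in whatever values file or `--set` argument supplies it and in the release record Helm stores in the cluster. The values comments already mention cert-manager and certificates managed outside the chart; the README should present those as the preferred route and this block as a convenience for testing. The block is also gated on `aggregator.ingress.enabled` without `aggregator.enabled`, unlike the Ingress template, and it uses `common.labels.standard` where the other templates in this commit use `fluentd.labels`.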

@@ -26,6 +26,10 @@ image:
# pullSecrets:
# - myRegistryKeySecretName
## Force target Kubernetes version (using Helm capabilites if not set)
##
kubeVersion:
## String to partially override fluentd.fullname template (will maintain the release name)
##
# nameOverride:
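
Review bot: "capabilites" in the new `kubeVersion` comment should be "capabilities"; the same typo is in the second values file.
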
@@ -69,7 +73,8 @@ forwarder:
##
# readOnlyRootFilesystem: true
capabilities:
drop: ['ALL']
drop:
- ALL
## Name of the config file that will be used by Fluentd at launch
## Fluentd will look for it under the /opt/bitnami/fluentd/conf directory
@@ -81,6 +86,108 @@ forwarder:
##
# configMap:
## Files to be added to the configMap
## This is ignored if configMap is set
##
configMapFiles:
fluentd.conf: |
# Ignore fluentd own events
<match fluent.**>
@type null
</match>
@include fluentd-inputs.conf
@include fluentd-output.conf
{{- if .Values.metrics.enabled }}
@include metrics.conf
{{- end }}
fluentd-inputs.conf: |
# HTTP input for the liveness and readiness probes
<source>
@type http
port 9880
</source>
# Get the logs from the containers running in the node
<source>
@type tail
path /var/log/containers/*.log
# exclude Fluentd logs
exclude_path /var/log/containers/*fluentd*.log
pos_file /opt/bitnami/fluentd/logs/buffers/fluentd-docker.pos
tag kubernetes.*
read_from_head true
<parse>
@type json
</parse>
</source>
# enrich with kubernetes metadata
<filter kubernetes.**>
@type kubernetes_metadata
</filter>
fluentd-output.conf: |
# Throw the healthcheck to the standard output instead of forwarding it
<match fluentd.healthcheck>
@type stdout
</match>
{{ if .Values.aggregator.enabled }}
# Forward all logs to the aggregators
<match **>
@type forward
{{- $fullName := (include "fluentd.fullname" .) }}
{{- $global := . }}
{{- $domain := default "cluster.local" .Values.clusterDomain }}
{{- $port := .Values.aggregator.port | int }}
{{- range $i, $e := until (.Values.aggregator.replicaCount | int) }}
<server>
{{ printf "host %s-%d.%s-headless.%s.svc.%s" $fullName $i $fullName $global.Release.Namespace $domain }}
{{ printf "port %d" $port }}
{{- if ne $i 0 }}
standby
{{- end }}
</server>
{{- end}}
<buffer>
@type file
path /opt/bitnami/fluentd/logs/buffers/logs.buffer
flush_thread_count 2
flush_interval 5s
</buffer>
</match>
{{- else }}
# Send the logs to the standard output
<match **>
@type stdout
</match>
{{- end }}
metrics.conf: |
# Prometheus Exporter Plugin
# input plugin that exports metrics
<source>
@type prometheus
port {{ .Values.metrics.service.port }}
</source>
# input plugin that collects metrics from MonitorAgent
<source>
@type prometheus_monitor
<labels>
host #{hostname}
</labels>
</source>
# input plugin that collects metrics for output plugin
<source>
@type prometheus_output_monitor
<labels>
host #{hostname}
</labels>
</source>
# input plugin that collects metrics for in_tail plugin
<source>
@type prometheus_tail_monitor
<labels>
host #{hostname}
</labels>
</source>
## String with extra arguments for the Fluentd command line
## ref: https://docs.fluentd.org/deployment/command-line-option
##
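
Review bot: the `tail` source's `<parse>` block changes from the `regexp` parser in the removed ConfigMap template, whose expression matches `<time> <stream> <flag> <log>` lines (the CRI runtime log layout), to `@type json`, which expects one JSON object per line as Docker's json-file driver writes. That changes the default behaviour for existing installs and is not mentioned in the commit message or the README rows; on nodes whose runtime writes the CRI layout the new default would fail to parse container logs. The metrics label value also changes from `host ${hostname}` to `host #{hostname}`. Please confirm both changes are intended and call them out in the upgrade notes.
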
@@ -365,7 +472,8 @@ aggregator:
##
# readOnlyRootFilesystem: true
capabilities:
drop: ['ALL']
drop:
- ALL
## Name of the config file that will be used by Fluentd at launch
## Fluentd will look for it under the /opt/bitnami/fluentd/conf directory
@@ -377,6 +485,71 @@ aggregator:
##
# configMap:
## Files to be added to the configMap
## This is ignored if configMap is set
##
configMapFiles:
fluentd.conf: |
# Ignore fluentd own events
<match fluent.**>
@type null
</match>
@include fluentd-inputs.conf
@include fluentd-output.conf
{{- if .Values.metrics.enabled }}
@include metrics.conf
{{- end }}
fluentd-inputs.conf: |
# TCP input to receive logs from
{{- if and .Values.aggregator.port }}
<source>
@type forward
bind 0.0.0.0
port {{ .Values.aggregator.port }}
</source>
{{- end }}
# HTTP input for the liveness and readiness probes
<source>
@type http
bind 0.0.0.0
port 9880
</source>
fluentd-output.conf: |
# Throw the healthcheck to the standard output
<match fluentd.healthcheck>
@type stdout
</match>
# Send the logs to the standard output
<match **>
@type stdout
</match>
metrics.conf: |
# Prometheus Exporter Plugin
# input plugin that exports metrics
<source>
@type prometheus
port {{ .Values.metrics.service.port }}
</source>
# input plugin that collects metrics from MonitorAgent
<source>
@type prometheus_monitor
<labels>
host #{hostname}
</labels>
</source>
# input plugin that collects metrics for output plugin
<source>
@type prometheus_output_monitor
<labels>
host #{hostname}
</labels>
</source>
## Port the Aggregator container will listen for logs. Leave it blank to ignore.
## You can specify other ports in the aggregator.containerPorts parameter
##
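
Review bot: in `fluentd-inputs.conf`, `{{- if and .Values.aggregator.port }}` calls `and` with a single argument; `{{- if .Values.aggregator.port }}` is equivalent and clearer. The `# TCP input to receive logs from` comment sits outside that conditional, so it is still emitted when the port is left blank. Both the `forward` and `http` sources bind `0.0.0.0`, and these default source blocks configure no authentication or TLS, which matters more now that an Ingress can front the `http` port.
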
@@ -443,6 +616,90 @@ aggregator:
##
annotations: {}
## Configure the ingress resource that allows you to access the
## Fluentd aggregator. Set up the URL
## ref: http://kubernetes.io/docs/user-guide/ingress/
##
ingress:
## Set to true to enable ingress record generation
##
enabled: false
## Set this to true in order to add the corresponding annotations for cert-manager
##
certManager: false
## Ingress Path type
##
pathType: ImplementationSpecific
## Override API Version (automatically detected if not set)
##
apiVersion:
## When the ingress is enabled, a host pointing to this will be created
##
hostname: fluentd.local
## The Path to WordPress. You may need to set this to '/*' in order to use this
## with ALB ingress controllers.
##
path: /
## Ingress annotations done as key:value pairs
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
##
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
##
annotations: {}
## Enable TLS configuration for the hostname defined at ingress.hostname parameter
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.aggregator.ingress.hostname }}
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
##
tls: false
## The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## extraHosts:
## - name: fluentd.local
## path: /
##
## Any additional arbitrary paths that may need to be added to the ingress under the main host.
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
## The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:
## - fluentd.local
## secretName: fluentd.local-tls
##
## If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
##
secrets: []
## - name: fluentd.local-tls
## key:
## certificate:
##
## Configure extra options for liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
##
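
Review bot: enabling this ingress publishes the aggregator service's `http` port, which the validation message's example maps to 9880, the `in_http` source the default configuration describes as "for the liveness and readiness probes". That source has no authentication configured and `tls` defaults to `false`, so the comment block should state that any client able to reach the ingress can post events to Fluentd, and should recommend enabling TLS and restricting access at the ingress controller. Smaller points: "The Path to WordPress" is a leftover from another chart, "relay on cert-manager" should be "rely on", and the Ingress template takes its API version from `common.capabilities.ingress.apiVersion` with the root context, so it is not evident that `aggregator.ingress.apiVersion` is honoured.
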
@@ -563,6 +820,27 @@ aggregator:
##
annotations: {}
## Autoscaling parameters
## This is not recommended in a forwarder+aggregator architecture
##
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 5
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 60
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 60
## Persist data to a persistent volume
persistence:
enabled: false
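
Review bot: both default metrics use `type: Utilization`, which the HPA computes as a percentage of the containers' resource requests; if the aggregator's CPU and memory requests are left unset the autoscaler cannot evaluate these targets. State that requirement in the comment. The comment should also explain why autoscaling "is not recommended in a forwarder+aggregator architecture": the forwarder's default output generates its `<server>` list from `aggregator.replicaCount`, so replicas added by the HPA are not in that list.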

@@ -26,6 +26,10 @@ image:
# pullSecrets:
# - myRegistryKeySecretName
## Force target Kubernetes version (using Helm capabilites if not set)
##
kubeVersion:
## String to partially override fluentd.fullname template (will maintain the release name)
##
# nameOverride:
@@ -69,7 +73,8 @@ forwarder:
##
# readOnlyRootFilesystem: true
capabilities:
drop: ['ALL']
drop:
- ALL
## Name of the config file that will be used by Fluentd at launch
## Fluentd will look for it under the /opt/bitnami/fluentd/conf directory
@@ -81,6 +86,108 @@ forwarder:
##
# configMap:
## Files to be added to the configMap
## This is ignored if configMap is set
##
configMapFiles:
fluentd.conf: |
# Ignore fluentd own events
<match fluent.**>
@type null
</match>
@include fluentd-inputs.conf
@include fluentd-output.conf
{{- if .Values.metrics.enabled }}
@include metrics.conf
{{- end }}
fluentd-inputs.conf: |
# HTTP input for the liveness and readiness probes
<source>
@type http
port 9880
</source>
# Get the logs from the containers running in the node
<source>
@type tail
path /var/log/containers/*.log
# exclude Fluentd logs
exclude_path /var/log/containers/*fluentd*.log
pos_file /opt/bitnami/fluentd/logs/buffers/fluentd-docker.pos
tag kubernetes.*
read_from_head true
<parse>
@type json
</parse>
</source>
# enrich with kubernetes metadata
<filter kubernetes.**>
@type kubernetes_metadata
</filter>
fluentd-output.conf: |
# Throw the healthcheck to the standard output instead of forwarding it
<match fluentd.healthcheck>
@type stdout
</match>
{{ if .Values.aggregator.enabled }}
# Forward all logs to the aggregators
<match **>
@type forward
{{- $fullName := (include "fluentd.fullname" .) }}
{{- $global := . }}
{{- $domain := default "cluster.local" .Values.clusterDomain }}
{{- $port := .Values.aggregator.port | int }}
{{- range $i, $e := until (.Values.aggregator.replicaCount | int) }}
<server>
{{ printf "host %s-%d.%s-headless.%s.svc.%s" $fullName $i $fullName $global.Release.Namespace $domain }}
{{ printf "port %d" $port }}
{{- if ne $i 0 }}
standby
{{- end }}
</server>
{{- end}}
<buffer>
@type file
path /opt/bitnami/fluentd/logs/buffers/logs.buffer
flush_thread_count 2
flush_interval 5s
</buffer>
</match>
{{- else }}
# Send the logs to the standard output
<match **>
@type stdout
</match>
{{- end }}
metrics.conf: |
# Prometheus Exporter Plugin
# input plugin that exports metrics
<source>
@type prometheus
port {{ .Values.metrics.service.port }}
</source>
# input plugin that collects metrics from MonitorAgent
<source>
@type prometheus_monitor
<labels>
host #{hostname}
</labels>
</source>
# input plugin that collects metrics for output plugin
<source>
@type prometheus_output_monitor
<labels>
host #{hostname}
</labels>
</source>
# input plugin that collects metrics for in_tail plugin
<source>
@type prometheus_tail_monitor
<labels>
host #{hostname}
</labels>
</source>
## String with extra arguments for the Fluentd command line
## ref: https://docs.fluentd.org/deployment/command-line-option
##
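
Review bot: this hunk repeats the `forwarder.configMapFiles` block of the previous file line for line, and the aggregator, ingress and autoscaling hunks that follow differ from their counterparts only in the `@@` offsets, so two copies of the default Fluentd configuration now have to be kept in sync by hand. Consider a lint step that fails when the shared blocks of the two values files diverge. The remarks on the `@type json` parser, the `#{hostname}` label and the ingress comments apply to this file as well.
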
@@ -366,7 +473,8 @@ aggregator:
##
# readOnlyRootFilesystem: true
capabilities:
drop: ['ALL']
drop:
- ALL
## Name of the config file that will be used by Fluentd at launch
## Fluentd will look for it under the /opt/bitnami/fluentd/conf directory
@@ -378,6 +486,71 @@ aggregator:
##
# configMap:
## Files to be added to the configMap
## This is ignored if configMap is set
##
configMapFiles:
fluentd.conf: |
# Ignore fluentd own events
<match fluent.**>
@type null
</match>
@include fluentd-inputs.conf
@include fluentd-output.conf
{{- if .Values.metrics.enabled }}
@include metrics.conf
{{- end }}
fluentd-inputs.conf: |
# TCP input to receive logs from
{{- if and .Values.aggregator.port }}
<source>
@type forward
bind 0.0.0.0
port {{ .Values.aggregator.port }}
</source>
{{- end }}
# HTTP input for the liveness and readiness probes
<source>
@type http
bind 0.0.0.0
port 9880
</source>
fluentd-output.conf: |
# Throw the healthcheck to the standard output
<match fluentd.healthcheck>
@type stdout
</match>
# Send the logs to the standard output
<match **>
@type stdout
</match>
metrics.conf: |
# Prometheus Exporter Plugin
# input plugin that exports metrics
<source>
@type prometheus
port {{ .Values.metrics.service.port }}
</source>
# input plugin that collects metrics from MonitorAgent
<source>
@type prometheus_monitor
<labels>
host #{hostname}
</labels>
</source>
# input plugin that collects metrics for output plugin
<source>
@type prometheus_output_monitor
<labels>
host #{hostname}
</labels>
</source>
## Port the Aggregator container will listen for logs. Leave it blank to ignore.
## You can specify other ports in the aggregator.containerPorts parameter
##
@@ -444,6 +617,90 @@ aggregator:
##
annotations: {}
## Configure the ingress resource that allows you to access the
## Fluentd aggregator. Set up the URL
## ref: http://kubernetes.io/docs/user-guide/ingress/
##
ingress:
## Set to true to enable ingress record generation
##
enabled: false
## Set this to true in order to add the corresponding annotations for cert-manager
##
certManager: false
## Ingress Path type
##
pathType: ImplementationSpecific
## Override API Version (automatically detected if not set)
##
apiVersion:
## When the ingress is enabled, a host pointing to this will be created
##
hostname: fluentd.local
## The Path to WordPress. You may need to set this to '/*' in order to use this
## with ALB ingress controllers.
##
path: /
## Ingress annotations done as key:value pairs
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
##
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
##
annotations: {}
## Enable TLS configuration for the hostname defined at ingress.hostname parameter
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.aggregator.ingress.hostname }}
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
##
tls: false
## The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## extraHosts:
## - name: fluentd.local
## path: /
##
## Any additional arbitrary paths that may need to be added to the ingress under the main host.
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
## The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:
## - fluentd.local
## secretName: fluentd.local-tls
##
## If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
##
secrets: []
## - name: fluentd.local-tls
## key:
## certificate:
##
## Configure extra options for liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
##
@@ -564,6 +821,27 @@ aggregator:
##
annotations: {}
## Autoscaling parameters
## This is not recommended in a forwarder+aggregator architecture
##
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 5
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 60
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 60
## Persist data to a persistent volume
persistence:
enabled: false