# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
storageClass: ""
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
##
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: auto
## @section Common parameters
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname template
##
fullnameOverride: ""
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param clusterDomain Cluster Domain
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## Enable diagnostic mode in the deployment
##
diagnosticMode:
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
##
enabled: false
## @param diagnosticMode.command Command to override all containers in the deployment
##
command:
- sleep
## @param diagnosticMode.args Args to override all containers in the deployment
##
args:
- infinity
## @section Fluentd parameters
## Bitnami Fluentd image version
## ref: https://hub.docker.com/r/bitnami/fluentd/tags/
## @param image.registry [default: REGISTRY_NAME] Fluentd image registry
## @param image.repository [default: REPOSITORY_NAME/fluentd] Fluentd image repository
## @skip image.tag Fluentd image tag (immutable tags are recommended)
## @param image.pullPolicy Fluentd image pull policy
## @param image.pullSecrets Fluentd image pull secrets
## @param image.debug Enable image debug mode
##
image:
registry: docker.io
repository: bitnami/fluentd
tag: 1.17.0-debian-12-r3
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
## pullSecrets:
## - myRegistryKeySecretName
pullSecrets: []
## Enable debug mode
##
debug: false
## Forwarder parameters
##
forwarder:
## @param forwarder.enabled Enable forwarder daemonset
##
enabled: true
## @param forwarder.image.registry [default: ""] Fluentd forwarder image registry override
## @param forwarder.image.repository [default: ""] Fluentd forwarder image repository override
## @skip forwarder.image.tag Fluentd forwarder image tag override (immutable tags are recommended)
image:
registry: ""
repository: ""
tag: ""
## @param forwarder.daemonUser Forwarder daemon user and group (set to root by default because it reads from host paths)
##
daemonUser: root
## @param forwarder.daemonGroup Fluentd forwarder daemon system group
##
daemonGroup: root
## @param forwarder.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param forwarder.hostAliases Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## K8s Security Context for forwarder pods
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param forwarder.podSecurityContext.enabled Enable security context for forwarder pods
## @param forwarder.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param forwarder.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param forwarder.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param forwarder.podSecurityContext.fsGroup Group ID for forwarder's containers filesystem
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 0
## K8s Security Context for forwarder container
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param forwarder.containerSecurityContext.enabled Enable security context for the forwarder container
## @param forwarder.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param forwarder.containerSecurityContext.runAsUser User ID for forwarder's containers
## @param forwarder.containerSecurityContext.runAsGroup Group ID for forwarder's containers
## @param forwarder.containerSecurityContext.privileged Run as privileged
## @param forwarder.containerSecurityContext.allowPrivilegeEscalation Allow Privilege Escalation
## @param forwarder.containerSecurityContext.readOnlyRootFilesystem Require the use of a read only root file system
## @param forwarder.containerSecurityContext.capabilities.drop [array] Drop capabilities for the securityContext
## @param forwarder.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 0
runAsGroup: 0
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
seccompProfile:
type: "RuntimeDefault"
## @param forwarder.hostNetwork Enable use of host network
##
hostNetwork: false
## @param forwarder.dnsPolicy Pod-specific DNS policy
##
dnsPolicy: ""
## @param forwarder.terminationGracePeriodSeconds Duration in seconds the pod needs to terminate gracefully
## https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
##
terminationGracePeriodSeconds: 30
## @param forwarder.extraGems List of extra gems to be installed. Can be used to install additional fluentd plugins.
##
extraGems: []
## @param forwarder.configFile Name of the config file that will be used by Fluentd at launch under the `/opt/bitnami/fluentd/conf` directory
##
configFile: fluentd.conf
## @param forwarder.configMap Name of the config map that contains the Fluentd configuration files
## If not specified, one will be created by default
##
configMap: ""
## @param forwarder.configMapFiles [object] Files to be added to be config map. Ignored if `forwarder.configMap` is set
##
configMapFiles:
fluentd.conf: |
# Ignore fluentd own events
@type null
@include fluentd-inputs.conf
@include fluentd-output.conf
{{- if .Values.metrics.enabled }}
@include metrics.conf
{{- end }}
fluentd-inputs.conf: |
# HTTP input for the liveness and readiness probes
@type http
port 9880
# Get the logs from the containers running in the node
@type tail
path /var/log/containers/*.log
# exclude Fluentd logs
exclude_path /var/log/containers/*fluentd*.log
pos_file /opt/bitnami/fluentd/logs/buffers/fluentd-docker.pos
tag kubernetes.*
read_from_head true
@type json
time_key time
time_format %Y-%m-%dT%H:%M:%S.%NZ
# enrich with kubernetes metadata
{{- if or .Values.forwarder.serviceAccount.create .Values.forwarder.serviceAccount.name }}
@type kubernetes_metadata
{{- end }}
fluentd-output.conf: |
# Throw the healthcheck to the standard output instead of forwarding it
@type stdout
{{- if .Values.aggregator.enabled }}
# Forward all logs to the aggregators
@type forward
{{- if .Values.tls.enabled }}
transport tls
tls_cert_path /opt/bitnami/fluentd/certs/out_forward/ca.crt
tls_client_cert_path /opt/bitnami/fluentd/certs/out_forward/tls.crt
tls_client_private_key_path /opt/bitnami/fluentd/certs/out_forward/tls.key
{{- end }}
{{- $fullName := (include "common.names.fullname" .) }}
{{- $global := . }}
{{- $domain := default "cluster.local" .Values.clusterDomain }}
{{- $port := .Values.aggregator.port | int }}
{{- range $i, $e := until (.Values.aggregator.replicaCount | int) }}
{{ printf "host %s-%d.%s-headless.%s.svc.%s" $fullName $i $fullName $global.Release.Namespace $domain }}
{{ printf "port %d" $port }}
{{- if ne $i 0 }}
standby
{{- end }}
{{- end }}
@type file
path /opt/bitnami/fluentd/logs/buffers/logs.buffer
flush_thread_count 2
flush_interval 5s
{{- else }}
# Send the logs to the standard output
@type stdout
{{- end }}
metrics.conf: |
# Prometheus Exporter Plugin
# input plugin that exports metrics
@type prometheus
port {{ .Values.metrics.service.port }}
# input plugin that collects metrics from MonitorAgent
@type prometheus_monitor
host ${hostname}
# input plugin that collects metrics for output plugin
@type prometheus_output_monitor
host ${hostname}
# input plugin that collects metrics for in_tail plugin
@type prometheus_tail_monitor
host ${hostname}
## @param forwarder.extraArgs Extra arguments for the Fluentd command line
## ref: https://docs.fluentd.org/deployment/command-line-option
##
extraArgs: ""
## @param forwarder.extraEnvVars Extra environment variables to pass to the container
## extraEnvVars:
## - name: MY_ENV_VAR
## value: my_value
##
extraEnvVars: []
## @param forwarder.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Fluentd Forwarder nodes
##
extraEnvVarsCM: ""
## @param forwarder.extraEnvVarsSecret Name of existing Secret containing extra env vars for Fluentd Forwarder nodes
##
extraEnvVarsSecret: ""
## @param forwarder.containerPorts [array] Ports the forwarder containers will listen on
##
containerPorts:
## - name: syslog-tcp
## containerPort: 5140
## protocol: TCP
## - name: syslog-udp
## containerPort: 5140
## protocol: UDP
## - name: tcp
## containerPort: 24224
## protocol: TCP
- name: http
containerPort: 9880
protocol: TCP
## Service parameters
##
service:
## @param forwarder.service.type Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) for the forwarders
##
type: ClusterIP
## @param forwarder.service.ports [object] Array containing the forwarder service ports
##
ports:
## syslog-udp:
## port: 5140
## targetPort: syslog-udp
## protocol: UDP
## nodePort: 31514
## syslog-tcp:
## port: 5140
## targetPort: syslog-tcp
## protocol: TCP
## nodePort: 31514
## tcp:
## port: 24224
## targetPort: tcp
## protocol: TCP
http:
port: 9880
targetPort: http
protocol: TCP
## @param forwarder.service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer` (optional, cloud specific)
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param forwarder.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
##
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param forwarder.service.externalTrafficPolicy Fluentd Forwarder service external traffic policy
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param forwarder.service.clusterIP Static clusterIP or None for headless services
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
## e.g:
## clusterIP: None
##
clusterIP: ""
## @param forwarder.service.annotations Provide any additional annotations which may be required
##
annotations: {}
## @param forwarder.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param forwarder.service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param forwarder.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param forwarder.networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param forwarder.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param forwarder.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
##
kubeAPIServerPorts: [443, 6443, 8443]
## @param forwarder.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param forwarder.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param forwarder.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param forwarder.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## Configure extra options for startup probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param forwarder.startupProbe.enabled Enable startupProbe
## @param forwarder.startupProbe.httpGet.path Request path for startupProbe
## @param forwarder.startupProbe.httpGet.port Port for startupProbe
## @param forwarder.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param forwarder.startupProbe.periodSeconds Period seconds for startupProbe
## @param forwarder.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param forwarder.startupProbe.failureThreshold Failure threshold for startupProbe
## @param forwarder.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
httpGet:
path: /fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D
port: http
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## Configure extra options for liveness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param forwarder.livenessProbe.enabled Enable livenessProbe
## @param forwarder.livenessProbe.tcpSocket.port Port for livenessProbe
## @param forwarder.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param forwarder.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param forwarder.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param forwarder.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param forwarder.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
tcpSocket:
port: http
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## Configure extra options for readiness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param forwarder.readinessProbe.enabled Enable readinessProbe
## @param forwarder.readinessProbe.httpGet.path Request path for readinessProbe
## @param forwarder.readinessProbe.httpGet.port Port for readinessProbe
## @param forwarder.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param forwarder.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param forwarder.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param forwarder.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param forwarder.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
httpGet:
path: /fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D
port: http
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param forwarder.customStartupProbe Custom liveness probe for the Fluend Forwarder
##
customStartupProbe: {}
## @param forwarder.customLivenessProbe Custom liveness probe for the Fluend Forwarder
##
customLivenessProbe: {}
## @param forwarder.customReadinessProbe Custom rediness probe for the Fluend Forwarder
##
customReadinessProbe: {}
## @param forwarder.updateStrategy.type Set up update strategy.
## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy
## Example:
## updateStrategy:
## type: RollingUpdate
## rollingUpdate:
## maxSurge: 25%
## maxUnavailable: 25%
##
updateStrategy:
type: RollingUpdate
## Forwarder containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param forwarder.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if forwarder.resources is set (forwarder.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param forwarder.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## @param forwarder.priorityClassName Set Priority Class Name to allow priority control over other pods
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
## @param forwarder.schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param forwarder.topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param forwarder.podAffinityPreset Forwarder Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param forwarder.podAntiAffinityPreset Forwarder Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: ""
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param forwarder.nodeAffinityPreset.type Forwarder Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param forwarder.nodeAffinityPreset.key Forwarder Node label key to match Ignored if `affinity` is set.
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## @param forwarder.nodeAffinityPreset.values Forwarder Node label values to match. Ignored if `affinity` is set.
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param forwarder.affinity Forwarder Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param forwarder.nodeSelector Forwarder Node labels for pod assignment
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param forwarder.tolerations Forwarder Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param forwarder.podAnnotations Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param forwarder.podLabels Extra labels to add to Pod
##
podLabels: {}
## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
## @param forwarder.serviceAccount.create Specify whether a ServiceAccount should be created.
##
create: true
## @param forwarder.serviceAccount.name The name of the ServiceAccount to create
## If not set and create is true, a name is generated using the common.names.fullname template
name: ""
## @param forwarder.serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
##
annotations: {}
## @param forwarder.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
##
automountServiceAccountToken: false
## Role Based Access
## ref: https://kubernetes.io/docs/admin/authorization/rbac/
## @param forwarder.rbac.create Specify whether RBAC resources should be created and used, allowing the get, watch and list of pods/namespaces
## @param forwarder.rbac.pspEnabled Whether to create a PodSecurityPolicy and bound it with RBAC. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
##
rbac:
create: true
pspEnabled: false
## Persist data to a persistent volume
##
persistence:
## @param forwarder.persistence.enabled Enable persistence volume for the forwarder
##
enabled: false
## @param forwarder.persistence.hostPath.path Directory from the host node's filesystem to mount as hostPath volume for persistence.
## The host directory you chose is mounted into /opt/bitnami/fluentd/logs/buffers in your Pod
## Example use case: mount host directory /tmp/buffer (if the directory doesn't exist, it creates it) into forwarder pod.
## persistence:
## enabled: true
## hostPath:
## path: /tmp/buffer
##
hostPath:
path: /opt/bitnami/fluentd/logs/buffers
## @param forwarder.command Override default container command (useful when using custom images)
##
command: []
## @param forwarder.args Override default container args (useful when using custom images)
##
args: []
## @param forwarder.lifecycleHooks Additional lifecycles to add to the pods
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
## e.g:
## postStart:
## exec:
## command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
## preStop:
## exec:
## command: ["/bin/sh","-c","nginx -s quit; while killall -0 nginx; do sleep 1; done"]
##
lifecycleHooks: {}
## install-extra-gems and tmp-dir-permissions containers resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param forwarder.initResourcePresets Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if aggregator.resources is set (aggregator.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
initResourcePresets: "nano"
## @param forwarder.initResources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## initResources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
initResources: {}
## @param forwarder.initContainers Additional init containers to add to the pods
## For example:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
##
initContainers: []
## @param forwarder.sidecars Add sidecars to forwarder pods
##
## For example:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param forwarder.extraVolumes Extra volumes
## Example Use Case: mount systemd journal volume
## - name: systemd
## hostPath:
## path: /run/log/journal/
##
extraVolumes: []
## @param forwarder.extraVolumeMounts Mount extra volume(s)
## - name: systemd
## mountPath: /run/log/journal/
##
extraVolumeMounts: []
## @param forwarder.initScripts Dictionary of init scripts. Evaluated as a template.
## Specify dictionary of scripts to be run at first boot
## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory
## For example:
## initScripts:
## my_init_script.sh: |
## #!/bin/sh
## echo "Do something."
##
initScripts: {}
## @param forwarder.initScriptsCM ConfigMap with the init scripts. Evaluated as a template.
## Note: This will override initScripts
##
initScriptsCM: ""
## @param forwarder.initScriptsSecret Secret containing `/docker-entrypoint-initdb.d` scripts to be executed at initialization time that contain sensitive data. Evaluated as a template.
##
initScriptsSecret: ""
##
## Aggregator parameters
##
aggregator:
## @param aggregator.enabled Enable Fluentd aggregator statefulset
##
enabled: true
## @param aggregator.image.registry [default: ""] Fluentd aggregator image registry override
## @param aggregator.image.repository [default: ""] Fluentd aggregator image repository override
## @skip aggregator.image.tag Fluentd aggregator image tag override (immutable tags are recommended)
image:
registry: ""
repository: ""
tag: ""
## @param aggregator.replicaCount Number of aggregator pods to deploy in the Stateful Set
##
replicaCount: 1
## K8s Security Context for Aggregator pods
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param aggregator.podSecurityContext.enabled Enable security context for aggregator pods
## @param aggregator.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param aggregator.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param aggregator.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param aggregator.podSecurityContext.fsGroup Group ID for aggregator's containers filesystem
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## @param aggregator.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param aggregator.hostAliases Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## K8s Security Context for Aggregator containers
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param aggregator.containerSecurityContext.enabled Enable security context for the aggregator container
## @param aggregator.containerSecurityContext.privileged Run as privileged
## @param aggregator.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param aggregator.containerSecurityContext.runAsUser User ID for aggregator's containers
## @param aggregator.containerSecurityContext.runAsGroup Group ID for aggregator's containers
## @param aggregator.containerSecurityContext.allowPrivilegeEscalation Allow Privilege Escalation
## @param aggregator.containerSecurityContext.readOnlyRootFilesystem Require the use of a read only root file system
## @param aggregator.containerSecurityContext.capabilities.drop [array] Drop capabilities for the securityContext
## @param aggregator.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
privileged: false
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
seccompProfile:
type: "RuntimeDefault"
## @param aggregator.terminationGracePeriodSeconds Duration in seconds the pod needs to terminate gracefully
## https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
##
terminationGracePeriodSeconds: 30
## @param aggregator.extraGems List of extra gems to be installed. Can be used to install additional fluentd plugins.
##
extraGems: []
## @param aggregator.configFile Name of the config file that will be used by Fluentd at launch under the `/opt/bitnami/fluentd/conf` directory
##
configFile: fluentd.conf
## @param aggregator.configMap Name of the config map that contains the Fluentd configuration files
##
configMap: ""
## @param aggregator.configMapFiles [object] Files to be added to be config map. Ignored if `aggregator.configMap` is set
##
configMapFiles:
fluentd.conf: |
# Ignore fluentd own events
@type null
@include fluentd-inputs.conf
@include fluentd-output.conf
{{- if .Values.metrics.enabled }}
@include metrics.conf
{{- end }}
fluentd-inputs.conf: |
# TCP input to receive logs from
{{- if .Values.aggregator.port }}
@type forward
bind 0.0.0.0
port {{ .Values.aggregator.port }}
{{- if .Values.tls.enabled }}
ca_path /opt/bitnami/fluentd/certs/in_forward/ca.crt
cert_path /opt/bitnami/fluentd/certs/in_forward/tls.crt
private_key_path /opt/bitnami/fluentd/certs/in_forward/tls.key
client_cert_auth true
{{- end }}
{{- end }}
# HTTP input for the liveness and readiness probes
@type http
bind 0.0.0.0
port 9880
fluentd-output.conf: |
# Throw the healthcheck to the standard output
@type stdout
# Send the logs to the standard output
@type stdout
metrics.conf: |
# Prometheus Exporter Plugin
# input plugin that exports metrics
@type prometheus
port {{ .Values.metrics.service.port }}
# input plugin that collects metrics from MonitorAgent
@type prometheus_monitor
host ${hostname}
# input plugin that collects metrics for output plugin
@type prometheus_output_monitor
host ${hostname}
## @param aggregator.port Port the Aggregator container will listen for logs. Leave it blank to ignore.
## You can specify other ports in the aggregator.containerPorts parameter
##
port: 24224
## @param aggregator.extraArgs Extra arguments for the Fluentd command line
## ref: https://docs.fluentd.org/deployment/command-line-option
##
extraArgs: ""
## @param aggregator.extraEnvVars Extra environment variables to pass to the container
## extraEnvVars:
## - name: MY_ENV_VAR
## value: my_value
##
extraEnvVars: []
## @param aggregator.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Fluentd Aggregator nodes
##
extraEnvVarsCM: ""
## @param aggregator.extraEnvVarsSecret Name of existing Secret containing extra env vars for Fluentd Aggregator nodes
##
extraEnvVarsSecret: ""
## @param aggregator.containerPorts [array] Ports the aggregator containers will listen on
##
containerPorts:
# - name: my-port
# containerPort: 24222
# protocol: TCP
- name: http
containerPort: 9880
protocol: TCP
## Service parameters
##
service:
## @param aggregator.service.type Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) for the aggregators
##
type: ClusterIP
## @param aggregator.service.ports [object] Array containing the aggregator service ports
##
ports:
http:
port: 9880
targetPort: http
protocol: TCP
tcp:
port: 24224
targetPort: tcp
protocol: TCP
## @param aggregator.service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer` (optional, cloud specific)
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param aggregator.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
##
## loadBalancerSourceRanges:
## - 10.10.10.0/24
loadBalancerSourceRanges: []
## @param aggregator.service.clusterIP Static clusterIP or None for headless services
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
## e.g:
## clusterIP: None
##
clusterIP: ""
## @param aggregator.service.annotations Provide any additional annotations which may be required
##
annotations: {}
## @param aggregator.service.externalTrafficPolicy Fluentd Aggregator service external traffic policy
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param aggregator.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param aggregator.service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## @param aggregator.service.annotationsHeadless Provide any additional annotations which may be required on headless service
##
annotationsHeadless: {}
## Headless service properties
##
headless:
## @param aggregator.service.headless.annotations Annotations for the headless service.
##
annotations: {}
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param aggregator.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param aggregator.networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param aggregator.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param aggregator.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param aggregator.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param aggregator.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param aggregator.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## Configure the ingress resource that allows you to access the
## Fluentd aggregator. Set up the URL
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
## @param aggregator.ingress.enabled Set to true to enable ingress record generation
##
enabled: false
## DEPRECATED: Use ingress.annotations instead of ingress.certManager
## certManager: false
##
## @param aggregator.ingress.pathType Ingress Path type. How the path matching is interpreted
##
pathType: ImplementationSpecific
## @param aggregator.ingress.apiVersion Override API Version (automatically detected if not set)
##
apiVersion: ""
## @param aggregator.ingress.hostname Default host for the ingress resource
##
hostname: fluentd.local
## @param aggregator.ingress.path Default path for the ingress resource
## You may need to set this to '/*' in order to use this with ALB ingress controllers.
##
path: /
## @param aggregator.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
##
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations: {}
## @param aggregator.ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.aggregator.ingress.hostname | trunc 63 | trimSuffix "-" }}
## You can use the ingress.secrets parameter to create this TLS secret or rely on cert-manager to create it
##
tls: false
## @param aggregator.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## extraHosts:
## - name: fluentd.local
## path: /
##
extraHosts: []
## @param aggregator.ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host.
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
extraPaths: []
## @param aggregator.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:
## - fluentd.local
## secretName: fluentd.local-tls
##
extraTls: []
## @param aggregator.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## e.g:
## - name: fluentd.local-tls
## key:
## certificate:
##
secrets: []
## @param aggregator.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: ""
## @param aggregator.ingress.extraRules Additional rules to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
## e.g:
## extraRules:
## - host: example.local
## http:
## path: /
## backend:
## service:
## name: example-svc
## port:
## name: http
##
extraRules: []
## Configure extra options for startup probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param aggregator.startupProbe.enabled Enable startupProbe
## @param aggregator.startupProbe.httpGet.path Request path for startupProbe
## @param aggregator.startupProbe.httpGet.port Port for startupProbe
## @param aggregator.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param aggregator.startupProbe.periodSeconds Period seconds for startupProbe
## @param aggregator.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param aggregator.startupProbe.failureThreshold Failure threshold for startupProbe
## @param aggregator.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: true
httpGet:
path: /fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D
port: http
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## Configure extra options for liveness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param aggregator.livenessProbe.enabled Enable livenessProbe
## @param aggregator.livenessProbe.tcpSocket.port Port for livenessProbe
## @param aggregator.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param aggregator.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param aggregator.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param aggregator.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param aggregator.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
tcpSocket:
port: http
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## Configure extra options for readiness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param aggregator.readinessProbe.enabled Enable readinessProbe
## @param aggregator.readinessProbe.httpGet.path Request path for readinessProbe
## @param aggregator.readinessProbe.httpGet.port Port for readinessProbe
## @param aggregator.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param aggregator.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param aggregator.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param aggregator.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param aggregator.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
httpGet:
path: /fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D
port: http
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param aggregator.customStartupProbe Custom liveness probe for the Fluentd Aggregator
##
customStartupProbe: {}
## @param aggregator.customLivenessProbe Custom liveness probe for the Fluentd Aggregator
##
customLivenessProbe: {}
## @param aggregator.customReadinessProbe Custom rediness probe for the Fluentd Aggregator
##
customReadinessProbe: {}
## @param aggregator.updateStrategy.type Set up update strategy.
## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets
## Example:
## updateStrategy:
## type: RollingUpdate
## rollingUpdate:
## maxSurge: 25%
## maxUnavailable: 25%
##
updateStrategy:
type: RollingUpdate
## Aggregator containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param aggregator.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if aggregator.resources is set (aggregator.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param aggregator.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## @param aggregator.priorityClassName Fluentd Aggregator pods' priorityClassName
##
priorityClassName: ""
## @param aggregator.schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param aggregator.topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param aggregator.podManagementPolicy podManagementPolicy to manage scaling operation of Fluentd Aggregator pods
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
##
podManagementPolicy: ""
## @param aggregator.podAffinityPreset Aggregator Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param aggregator.podAntiAffinityPreset Aggregator Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param aggregator.nodeAffinityPreset.type Aggregator Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param aggregator.nodeAffinityPreset.key Aggregator Node label key to match Ignored if `affinity` is set.
##
key: ""
## @param aggregator.nodeAffinityPreset.values Aggregator Node label values to match. Ignored if `affinity` is set.
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param aggregator.affinity Aggregator Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param aggregator.nodeSelector Aggregator Node labels for pod assignment
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param aggregator.tolerations Aggregator Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param aggregator.podAnnotations Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param aggregator.podLabels Extra labels to add to Pod
##
podLabels: {}
## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
## @param aggregator.serviceAccount.create Specify whether a ServiceAccount should be created
##
create: true
## @param aggregator.serviceAccount.name The name of the ServiceAccount to create
## If not set and create is true, a name is generated using the common.names.fullname template
name: ""
## @param aggregator.serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
##
annotations: {}
## @param aggregator.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
##
automountServiceAccountToken: false
## Autoscaling parameters
## This is not recommended in a forwarder+aggregator architecture
## @param aggregator.autoscaling.enabled Create an Horizontal Pod Autoscaler
## @param aggregator.autoscaling.minReplicas Minimum number of replicas for the HPA
## @param aggregator.autoscaling.maxReplicas Maximum number of replicas for the HPA
## @param aggregator.autoscaling.metrics [array] Metrics for the HPA to manage the scaling
## @param aggregator.autoscaling.behavior HPA Behavior
##
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 5
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 60
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 60
behavior: {}
## Persist data to a persistent volume
##
persistence:
## @param aggregator.persistence.enabled Enable persistence volume for the aggregator
##
enabled: false
## @param aggregator.persistence.storageClass Persistent Volume storage class
## If defined, storageClassName:
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param aggregator.persistence.accessModes Persistent Volume access modes
##
accessModes:
- ReadWriteOnce
## @param aggregator.persistence.size Persistent Volume size
##
size: 10Gi
## @param aggregator.persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template)
## selector:
## matchLabels:
## app: my-app
selector: {}
## @param aggregator.persistence.annotations Persistent Volume Claim annotations
##
annotations: {}
## @param aggregator.command Override default container command (useful when using custom images)
##
command: []
## @param aggregator.args Override default container args (useful when using custom images)
##
args: []
## @param aggregator.lifecycleHooks Additional lifecycles to add to the pods
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
## e.g:
## postStart:
## exec:
## command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
## preStop:
## exec:
## command: ["/bin/sh","-c","nginx -s quit; while killall -0 nginx; do sleep 1; done"]
##
lifecycleHooks: {}
## install-extra-gems and tmp-dir-permissions containers resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param aggregator.initResourcePresets Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if aggregator.resources is set (aggregator.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
initResourcePresets: "nano"
## @param aggregator.initResources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## initResources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
initResources: {}
## @param aggregator.initContainers Add init containers to aggregator pods
## Example
##
## initContainers:
## - name: do-something
## image: busybox
## command: ['do', 'something']
##
initContainers: []
## @param aggregator.sidecars Add sidecars to aggregator pods
##
## For example:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param aggregator.extraVolumes Extra volumes
## Example Use Case: mount an emptyDir into /tmp to support running with readOnlyRootFileSystem
## - name: tmpDir
## emptyDir: {}
##
extraVolumes: []
## @param aggregator.extraVolumeMounts Mount extra volume(s)
## - name: tmpDir
## mountPath: /tmp
##
extraVolumeMounts: []
## @param aggregator.extraVolumeClaimTemplates Optionally specify extra list of additional volume claim templates for the Fluentd Aggregator pods in StatefulSet
##
extraVolumeClaimTemplates: []
## @param aggregator.initScripts Dictionary of init scripts. Evaluated as a template.
## Specify dictionary of scripts to be run at first boot
## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory
## For example:
## initScripts:
## my_init_script.sh: |
## #!/bin/sh
## echo "Do something."
##
initScripts: {}
## @param aggregator.initScriptsCM ConfigMap with the init scripts. Evaluated as a template.
## Note: This will override initScripts
##
initScriptsCM: ""
## @param aggregator.initScriptsSecret Secret containing `/docker-entrypoint-initdb.d` scripts to be executed at initialization time that contain sensitive data. Evaluated as a template.
##
initScriptsSecret: ""
## Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
## @param aggregator.pdb.create Enable/disable a Pod Disruption Budget creation
## @param aggregator.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param aggregator.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable.Defaults to `1` if both `secondary.pdb.minAvailable` and `secondary.pdb.maxUnavailable` are empty.
##
pdb:
create: true
minAvailable: ""
maxUnavailable: ""
## Prometheus Exporter / Metrics
##
metrics:
## @param metrics.enabled Enable the export of Prometheus metrics
##
enabled: false
## Prometheus Exporter service parameters
##
service:
## @param metrics.service.type Prometheus metrics service type
##
type: ClusterIP
## @param metrics.service.port Prometheus metrics service port
##
port: 24231
## @param metrics.service.loadBalancerIP Load Balancer IP if the Prometheus metrics server type is `LoadBalancer`
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param metrics.service.clusterIP Prometheus metrics service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param metrics.service.loadBalancerSourceRanges Prometheus metrics service Load Balancer sources
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param metrics.service.externalTrafficPolicy Prometheus metrics service external traffic policy
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param metrics.service.annotations [object] Annotations for the Prometheus Exporter service service
## If port or path annotation is provided the values will be used to in the prometheus ServiceMonitor CRD.
##
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "24231"
prometheus.io/path: "/metrics"
## @param metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Prometheus Operator ServiceMonitor configuration
##
serviceMonitor:
## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
##
enabled: false
## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
##
namespace: ""
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
## e.g:
## interval: 10s
##
interval: ""
## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
## e.g:
## scrapeTimeout: 10s
##
scrapeTimeout: ""
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
##
jobLabel: ""
## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
##
relabelings: []
## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
##
metricRelabelings: []
## @param metrics.serviceMonitor.selector Prometheus instance selector labels
## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
## e.g:
## selector:
## prometheus: my-prometheus
##
selector: {}
## @param metrics.serviceMonitor.labels ServiceMonitor extra labels
##
labels: {}
## @param metrics.serviceMonitor.annotations ServiceMonitor annotations
##
annotations: {}
## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
##
honorLabels: false
## @param metrics.serviceMonitor.path path defines the path that promethues will use to pull metrics from the container
##
path: "/metrics"
## Enable internal SSL/TLS encryption
##
tls:
## @param tls.enabled Enable TLS/SSL encrytion for internal communications
##
enabled: false
## @param tls.autoGenerated Generate automatically self-signed TLS certificates.
##
autoGenerated: false
## @param tls.forwarder.existingSecret Name of the existing secret containing the TLS certificates for the Fluentd forwarder
##
forwarder:
existingSecret: ""
## @param tls.aggregator.existingSecret Name of the existing secret containing the TLS certificates for the Fluentd aggregator
##
aggregator:
existingSecret: ""