## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry and imagePullSecrets
##
global: {}
# imageRegistry: myRegistryName
# imagePullSecrets:
# - myRegistryKeySecretName
## Bitnami Fluentd image version
## ref: https://hub.docker.com/r/bitnami/fluentd/tags/
##
image:
registry: docker.io
repository: bitnami/fluentd
tag: 1.12.0-debian-10-r0
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Force target Kubernetes version (using Helm capabilites if not set)
##
kubeVersion:
## String to partially override fluentd.fullname template (will maintain the release name)
##
# nameOverride:
## String to fully override fluentd.fullname template
##
# fullnameOverride:
## Cluster Domain
##
clusterDomain: cluster.local
## Forwarder parameters
##
forwarder:
## Enable forwarder daemonset
##
enabled: true
## Forwarder daemon user and group (set to root by default because it reads from host paths)
##
daemonUser: root
daemonGroup: root
## K8s Security Context for forwarder pods
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
enabled: true
runAsUser: 0
runAsGroup: 0
fsGroup: 0
## K8s Security Context for forwarder container
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
containerSecurityContext:
enabled: true
privileged: false
allowPrivilegeEscalation: false
## Requires mounting an `extraVolume` of type `emptyDir` into /tmp
##
# readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
## Name of the config file that will be used by Fluentd at launch
## Fluentd will look for it under the /opt/bitnami/fluentd/conf directory
##
configFile: fluentd.conf
## Name of the configMap that contains the configuration files for fluentd
## If not specified, one will be created by default
##
# configMap:
## Files to be added to the configMap
## This is ignored if configMap is set
##
configMapFiles:
fluentd.conf: |
# Ignore fluentd own events
@type null
@include fluentd-inputs.conf
@include fluentd-output.conf
{{- if .Values.metrics.enabled }}
@include metrics.conf
{{- end }}
fluentd-inputs.conf: |
# HTTP input for the liveness and readiness probes
@type http
port 9880
# Get the logs from the containers running in the node
@type tail
path /var/log/containers/*.log
# exclude Fluentd logs
exclude_path /var/log/containers/*fluentd*.log
pos_file /opt/bitnami/fluentd/logs/buffers/fluentd-docker.pos
tag kubernetes.*
read_from_head true
@type json
# enrich with kubernetes metadata
@type kubernetes_metadata
fluentd-output.conf: |
# Throw the healthcheck to the standard output instead of forwarding it
@type stdout
{{ if .Values.aggregator.enabled }}
# Forward all logs to the aggregators
@type forward
{{- $fullName := (include "fluentd.fullname" .) }}
{{- $global := . }}
{{- $domain := default "cluster.local" .Values.clusterDomain }}
{{- $port := .Values.aggregator.port | int }}
{{- range $i, $e := until (.Values.aggregator.replicaCount | int) }}
{{ printf "host %s-%d.%s-headless.%s.svc.%s" $fullName $i $fullName $global.Release.Namespace $domain }}
{{ printf "port %d" $port }}
{{- if ne $i 0 }}
standby
{{- end }}
{{- end}}
@type file
path /opt/bitnami/fluentd/logs/buffers/logs.buffer
flush_thread_count 2
flush_interval 5s
{{- else }}
# Send the logs to the standard output
@type stdout
{{- end }}
metrics.conf: |
# Prometheus Exporter Plugin
# input plugin that exports metrics
@type prometheus
port {{ .Values.metrics.service.port }}
# input plugin that collects metrics from MonitorAgent
@type prometheus_monitor
host #{hostname}
# input plugin that collects metrics for output plugin
@type prometheus_output_monitor
host #{hostname}
# input plugin that collects metrics for in_tail plugin
@type prometheus_tail_monitor
host #{hostname}
## String with extra arguments for the Fluentd command line
## ref: https://docs.fluentd.org/deployment/command-line-option
##
extraArgs: ""
## Extra environment variables to pass to the container
## extraEnv:
## - name: MY_ENV_VAR
## value: my_value
##
extraEnv: []
## Forwarder containers' ports
##
containerPorts:
# - name: syslog-tcp
# containerPort: 5140
# protocol: TCP
# - name: syslog-udp
# containerPort: 5140
# protocol: UDP
# - name: tcp
# containerPort: 24224
# protocol: TCP
- name: http
containerPort: 9880
protocol: TCP
## Service parameters
##
service:
## Service type
##
type: ClusterIP
## Service ports
##
ports:
# syslog-udp:
# port: 5140
# targetPort: syslog-udp
# protocol: UDP
# nodePort: 31514
# syslog-tcp:
# port: 5140
# targetPort: syslog-tcp
# protocol: TCP
# nodePort: 31514
# tcp:
# port: 24224
# targetPort: tcp
# protocol: TCP
http:
port: 9880
targetPort: http
protocol: TCP
## loadBalancerIP for the forwarders service (optional, cloud specific)
## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
##
# loadBalancerIP:
## Load Balancer sources
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
##
# loadBalancerSourceRanges:
# - 10.10.10.0/24
## Set the Cluster IP to use
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
##
# clusterIP: None
## Provide any additional annotations which may be required
##
annotations: {}
## Forwarder containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
##
livenessProbe:
enabled: true
httpGet:
path: /fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D
port: http
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
readinessProbe:
enabled: true
httpGet:
path: /fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D
port: http
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## Set up update strategy.
## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy
## Example:
# updateStrategy:
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 25%
# maxUnavailable: 25%
updateStrategy:
type: RollingUpdate
## Forwarder containers' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 500m
# memory: 1Gi
requests: {}
# cpu: 300m
# memory: 512Mi
## Set Priority Class Name to allow priority control over other pods
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
## Pod affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
##
podAffinityPreset: ""
## Pod anti-affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
##
podAntiAffinityPreset: ""
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## Allowed values: soft, hard
##
nodeAffinityPreset:
## Node affinity type
## Allowed values: soft, hard
type: ""
## Node label key to match
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## Node label values to match
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## Extra labels to add to Pod
podLabels: {}
## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccount:
## Specifies whether a ServiceAccount should be created
##
create: true
## The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the fluentd.fullname template
# name:
## Annotations for the Service Account (evaluated as a template)
##
annotations: {}
## Role Based Access
## ref: https://kubernetes.io/docs/admin/authorization/rbac/
##
rbac:
create: true
pspEnabled: false
## Add init containers to forwarder pods
## For example:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
##
## Persist data to a persistent volume
persistence:
enabled: false
## If persistence enabled, a hostPath volume mounts a directory of your choice from the host node's filesystem into your Pod.
## The host directory you chose is mounted into /opt/bitnami/fluentd/logs/buffers in your Pod
## Example use case: mount host directory /tmp/buffer (if the directory doesn't exist, it creates it) into forwarder pod.
## persistence:
## enabled: true
## hostPath:
## path: /tmp/buffer
hostPath:
path: /opt/bitnami/fluentd/logs/buffers
initContainers: []
## Add sidecars to forwarder pods
##
## For example:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## Extra volumes to mount
## Example Use Case: mount systemd journal volume
# extraVolumes:
# - name: systemd
# hostPath:
# path: /run/log/journal/
#
# extraVolumeMounts:
# - name: systemd
# mountPath: /run/log/journal/
## Aggregator parameters
##
aggregator:
## Enable Aggregator daemonset
##
enabled: true
## Number of Aggregator replicas
##
replicaCount: 1
## K8s Security Context for Aggregator pods
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
enabled: true
runAsUser: 1001
runAsGroup: 1001
fsGroup: 1001
## K8s Security Context for Aggregator containers
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
containerSecurityContext:
enabled: true
privileged: false
allowPrivilegeEscalation: false
## Requires mounting an `extraVolume` of type `emptyDir` into /tmp
##
# readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
## Name of the config file that will be used by Fluentd at launch
## Fluentd will look for it under the /opt/bitnami/fluentd/conf directory
##
configFile: fluentd.conf
## Name of the configMap that contains the configuration files for fluentd
## If not specified, one will be created by default
##
# configMap:
## Files to be added to the configMap
## This is ignored if configMap is set
##
configMapFiles:
fluentd.conf: |
# Ignore fluentd own events
@type null
@include fluentd-inputs.conf
@include fluentd-output.conf
{{- if .Values.metrics.enabled }}
@include metrics.conf
{{- end }}
fluentd-inputs.conf: |
# TCP input to receive logs from
{{- if and .Values.aggregator.port }}
@type forward
bind 0.0.0.0
port {{ .Values.aggregator.port }}
{{- end }}
# HTTP input for the liveness and readiness probes
@type http
bind 0.0.0.0
port 9880
fluentd-output.conf: |
# Throw the healthcheck to the standard output
@type stdout
# Send the logs to the standard output
@type stdout
metrics.conf: |
# Prometheus Exporter Plugin
# input plugin that exports metrics
@type prometheus
port {{ .Values.metrics.service.port }}
# input plugin that collects metrics from MonitorAgent
@type prometheus_monitor
host #{hostname}
# input plugin that collects metrics for output plugin
@type prometheus_output_monitor
host #{hostname}
## Port the Aggregator container will listen for logs. Leave it blank to ignore.
## You can specify other ports in the aggregator.containerPorts parameter
##
port: 24224
## String with extra arguments for the Fluentd command line
## ref: https://docs.fluentd.org/deployment/command-line-option
##
extraArgs: ""
## Extra environment variables to pass to the container
## extraEnv:
## - name: MY_ENV_VAR
## value: my_value
##
extraEnv: []
## Aggregator containers' ports
##
containerPorts:
# - name: my-port
# containerPort: 24222
# protocol: TCP
- name: http
containerPort: 9880
protocol: TCP
## Service parameters
##
service:
## Service type
##
type: ClusterIP
## Service ports
##
ports:
http:
port: 9880
targetPort: http
protocol: TCP
tcp:
port: 24224
targetPort: tcp
protocol: TCP
## loadBalancerIP for the forwarders service (optional, cloud specific)
## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
##
# loadBalancerIP:
## Load Balancer sources
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
##
# loadBalancerSourceRanges:
# - 10.10.10.0/24
## Set the Cluster IP to use
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
##
# clusterIP: None
## Provide any additional annotations which may be required
##
annotations: {}
## Configure the ingress resource that allows you to access the
## Fluentd aggregator. Set up the URL
## ref: http://kubernetes.io/docs/user-guide/ingress/
##
ingress:
## Set to true to enable ingress record generation
##
enabled: false
## Set this to true in order to add the corresponding annotations for cert-manager
##
certManager: false
## Ingress Path type
##
pathType: ImplementationSpecific
## Override API Version (automatically detected if not set)
##
apiVersion:
## When the ingress is enabled, a host pointing to this will be created
##
hostname: fluentd.local
## The Path to WordPress. You may need to set this to '/*' in order to use this
## with ALB ingress controllers.
##
path: /
## Ingress annotations done as key:value pairs
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
##
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
##
annotations: {}
## Enable TLS configuration for the hostname defined at ingress.hostname parameter
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.aggregator.ingress.hostname }}
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
##
tls: false
## The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## extraHosts:
## - name: fluentd.local
## path: /
##
## Any additional arbitrary paths that may need to be added to the ingress under the main host.
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
## The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:
## - fluentd.local
## secretName: fluentd.local-tls
##
## If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
##
secrets: []
## - name: fluentd.local-tls
## key:
## certificate:
##
## Configure extra options for liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
##
livenessProbe:
enabled: true
httpGet:
path: /fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D
port: http
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
readinessProbe:
enabled: true
httpGet:
path: /fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D
port: http
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## Set up update strategy.
## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets
## Example:
# updateStrategy:
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 25%
# maxUnavailable: 25%
updateStrategy:
type: RollingUpdate
## Aggregator containers' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 500m
# memory: 1Gi
requests: {}
# cpu: 300m
# memory: 512Mi
## Pod affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
##
podAffinityPreset: ""
## Pod anti-affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## Allowed values: soft, hard
##
nodeAffinityPreset:
## Node affinity type
## Allowed values: soft, hard
type: ""
## Node label key to match
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## Node label values to match
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## Extra labels to add to Pod
podLabels: {}
## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccount:
## Specifies whether a ServiceAccount should be created
##
create: false
## The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the fluentd.fullname template
# name:
## Annotations for the Service Account (evaluated as a template)
##
annotations: {}
## Autoscaling parameters
## This is not recommended in a forwarder+aggregator architecture
##
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 5
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 60
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 60
## Persist data to a persistent volume
persistence:
enabled: false
## If defined, storageClassName:
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
accessMode: ReadWriteOnce
size: 10Gi
## Add init containers to aggregator pods
## Example
##
## initContainers:
## - name: do-something
## image: busybox
## command: ['do', 'something']
##
initContainers: []
## Add sidecars to aggregator pods
##
## For example:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## Extra volumes to mount
## Example Use Case: mount an emptyDir into /tmp to support running with readOnlyRootFileSystem
# extraVolumes:
# - name: tmpDir
# emptyDir: {}
#
# extraVolumeMounts:
# - name: tmpDir
# mountPath: /tmp
## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
## This top-level global entry is DEPRECATED. Please use "forwarder.serviceAccount" instead. Only the
## forwarder was affected by the historical usage here.
serviceAccount: {}
## Role Based Access
## ref: https://kubernetes.io/docs/admin/authorization/rbac/
##
## This top-level global entry is DEPRECATED. Please use "forwarder.rbac" instead. Only the
## forwarder was affected by the historical usage here.
rbac: {}
## Prometheus Exporter / Metrics
##
metrics:
enabled: false
## Prometheus Exporter service parameters
##
service:
## Service type
##
type: ClusterIP
## Service port
##
port: 24231
## loadBalancerIP for the Prometheus Exporter service (optional, cloud specific)
## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
##
# loadBalancerIP:
## Annotations for the Prometheus Exporter service service
##
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "24231"
prometheus.io/path: "/metrics"
## Prometheus Operator ServiceMonitor configuration
##
serviceMonitor:
enabled: false
## Namespace in which Prometheus is running
##
# namespace: monitoring
## Interval at which metrics should be scraped.
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
# interval: 10s
## Timeout after which the scrape is ended
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
# scrapeTimeout: 10s
## ServiceMonitor selector labels
## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
##
# selector:
# prometheus: my-prometheus
## Mount TLS certificates
##
tls:
enabled: false
certificate: |-
key: |-
# existingSecret: name-of-existing-secret-to-certificates