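---
# Project (namespace) that holds the Collectord resources defined in this
# manifest. The listing's fused line numbers and flattened nesting are
# restored here so the document parses as YAML.
apiVersion: project.openshift.io/v1
kind: Project
metadata:
  labels:
    app: collectorforopenshift
  name: collectorforopenshift
  annotations:
    # An empty node selector overrides any cluster-wide default project node
    # selector, so pods in this project are not pinned to a subset of nodes.
    openshift.io/node-selector: ''
    openshift.io/description: 'Monitoring OpenShift in Splunk, built by Outcold Solutions'
    openshift.io/display-name: 'Collectord for OpenShift'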
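---
# CustomResourceDefinition for cluster-scoped Configuration objects in the
# collectord.io group. Nesting is restored from the flattened listing: `force`
# is a top-level property next to `spec`, not a keyword of the spec schema.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: configurations.collectord.io
spec:
  group: collectord.io
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            # `spec` is free-form: any property is accepted, so the API server
            # performs no validation of what a Configuration carries.
            # NOTE(review): the collector is configured to watch these objects
            # (watch.configurations in the ConfigMap), so write access to
            # configurations.collectord.io presumably changes collector
            # behaviour cluster-wide - limit create/update/patch to cluster
            # administrators.
            spec:
              type: object
              additionalProperties: true
            force:
              type: boolean
  # Cluster scope: objects are not isolated per namespace, so namespace-level
  # RBAC cannot be used to delegate them to project owners.
  scope: Cluster
  names:
    listKind: ConfigurationList
    plural: configurations
    singular: configuration
    kind: Configuration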
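---
# CustomResourceDefinition for namespaced SplunkOutput objects: a Splunk
# destination described by a url, an `insecure` flag and a token that is given
# either inline or as a reference to a Secret. Nesting is restored from the
# flattened listing; `oneOf` belongs to the `spec` schema because it names
# properties declared there.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: splunkoutputs.collectord.io
spec:
  group: collectord.io
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                url:
                  type: string
                  format: uri
                # NOTE(review): presumably the same meaning as `insecure` in
                # [output.splunk] (accept an invalid server certificate).
                # If so, a project user who can create SplunkOutput objects
                # can turn off TLS verification for their output - confirm
                # and consider an admission policy that rejects `true`.
                insecure:
                  type: boolean
                # Inline token: stored in the custom resource itself, so it
                # is readable by every subject that can get/list
                # splunkoutputs in the namespace and shows up in exports and
                # backups of the object. Prefer tokenFromSecret.
                token:
                  type: string
                  description: "Plain token"
                # Reference by Secret name and key. Neither field is marked
                # required, so an empty object still satisfies the oneOf
                # below; the collector has to handle missing values.
                tokenFromSecret:
                  type: object
                  description: "Reference to a Kubernetes Secret"
                  properties:
                    secret:
                      type: string
                    key:
                      type: string
              # Exactly one of the two token forms must be present.
              oneOf:
                - required: ["token"]
                - required: ["tokenFromSecret"]
  scope: Namespaced
  names:
    listKind: SplunkOutputList
    plural: splunkoutputs
    singular: splunkoutput
    kind: SplunkOutput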
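---
# PriorityClass for the collector pods.
# 1000000000 is the highest value a user-defined PriorityClass may have
# (larger values are reserved for system classes). Pods that reference this
# class can preempt lower-priority workloads when a node is full, so RBAC or
# quota should keep other workloads from selecting it. `globalDefault` is not
# set, so the class applies only to pods that name it explicitly.
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
  name: collectorforopenshift-critical
value: 1000000000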
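---
# SecurityContextConstraints granted to the Collectord service account.
# SECURITY REVIEW: every restriction an SCC can impose is switched off below
# (privileged containers, all host namespaces, any capability, any volume
# type, any UID and SELinux context, any seccomp profile, unsafe sysctls).
# A pod admitted under this SCC is effectively root on its node, therefore:
#   - keep `users` limited to the single service account listed;
#   - restrict who may create pods or workloads in the collectorforopenshift
#     project, because any pod running as that service account can use it;
#   - consider narrowing the wildcards to what the collector pod specs
#     actually request (they are not visible in this part of the manifest).
kind: SecurityContextConstraints
apiVersion: security.openshift.io/v1
metadata:
  name: collectorforopenshift
# hostPath volumes: the pod can mount any directory of the node.
allowHostDirVolumePlugin: true
# Host IPC, network and PID namespaces plus host ports are all shareable.
allowHostIPC: true
allowHostNetwork: true
allowHostPID: true
allowHostPorts: true
# Processes may gain more privileges than their parent (setuid, file caps).
allowPrivilegeEscalation: true
# `privileged: true` containers are admitted.
allowPrivilegedContainer: true
# A writable root filesystem is allowed.
readOnlyRootFilesystem: false
# Any Linux capability may be requested.
allowedCapabilities:
  - '*'
# Any sysctl, including the ones the kubelet classifies as unsafe.
allowedUnsafeSysctls:
  - '*'
# No constraint on fsGroup, UID, SELinux context or supplemental groups:
# containers may run as UID 0 with an arbitrary SELinux label.
fsGroup:
  type: RunAsAny
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: RunAsAny
supplementalGroups:
  type: RunAsAny
# Any seccomp profile, which includes running unconfined.
seccompProfiles:
  - '*'
# The only subject bound to this SCC.
users:
  - system:serviceaccount:collectorforopenshift:collectorforopenshift
# Every volume plugin is allowed.
volumes:
  - '*'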
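---
# Service account used as the collector's identity. In this manifest it is
# the subject of both the collectorforopenshift SecurityContextConstraints
# and the collectorforopenshift ClusterRoleBinding, so its token carries
# node-level pod privileges and cluster-wide read access; treat the token
# and the ability to run pods as this account as highly sensitive.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: collectorforopenshift
  name: collectorforopenshift
  namespace: collectorforopenshift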
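---
# Cluster-wide read-only role for the collector (get/list/watch only).
# SECURITY REVIEW:
#   - The first rule is a cross product: every listed resource name is
#     granted in every listed API group. Splitting it into one rule per API
#     group would make the effective permissions easier to audit.
#   - `secrets` gives the service account read access to every Secret in
#     every namespace. Presumably this backs `tokenFromSecret` in the
#     SplunkOutput CRD; if that feature is unused, drop `secrets`, or grant
#     it through namespaced Role/RoleBinding objects only where needed.
#   - `nodes/proxy` lets the holder reach the kubelet API through the API
#     server; keep it only if the collector depends on it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app: collectorforopenshift
  name: collectorforopenshift
rules:
  - apiGroups:
      - ""
      - apps
      - batch
      - extensions
      - collectord.io
      - apps.openshift.io
      - build.openshift.io
      - authorization.openshift.io
      - template.openshift.io
      - quota.openshift.io
      - discovery.k8s.io
    resources:
      - alertmanagers
      - clusterresourcequotas
      - clusterroles
      - configurations
      - cronjobs
      - daemonsets
      - deploymentconfigs
      - deployments
      - endpointslices
      - events
      - jobs
      - namespaces
      - nodes
      - nodes/metrics
      - nodes/proxy
      - persistentvolumeclaims
      - pods
      - replicasets
      - replicationcontrollers
      - resourcequotas
      - scheduledjobs
      - secrets
      - services
      - splunkoutputs
      - statefulsets
    verbs:
      - get
      - list
      - watch
  # Read access to the API server's own /metrics endpoint.
  - nonResourceURLs:
      - /metrics
    verbs:
      - get
    apiGroups: []
    resources: []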
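---
# Binds the collectorforopenshift ClusterRole to the collector's service
# account. Because this is a ClusterRoleBinding, every permission in the role
# (including read access to secrets) applies in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app: collectorforopenshift
  name: collectorforopenshift
roleRef:
  kind: ClusterRole
  name: collectorforopenshift
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: collectorforopenshift
    namespace: collectorforopenshift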
196---
197apiVersion: v1
198kind: ConfigMap
199metadata:
200 name: collectorforopenshift
201 namespace: collectorforopenshift
202 labels:
203 app: collectorforopenshift
204data:
205 001-general.conf: |
206 # The general configuration is used for all deployments
207 #
208 # Run collectord with the flag `-conf` and specify location of the configuration files.
209 #
210 # You can override all the values using environment variables with the format like
211 # COLLECTOR__<ANYNAME>=<section>__<key>=<value>
212 # As an example you can set `dataPath` in the `[general]` section as
213 # COLLECTOR__DATAPATH=general__dataPath=C:\\some\\path\\data.db
214 # This parameter can be configured using -env-override, set it to empty string to disable this feature
215
216 [general]
217
218 # Please review license https://www.outcoldsolutions.com/legal/license-agreement/
219 # and accept license by changing the value to *true*
220 acceptLicense = false
221
222 # Location for the database
223 # Collectord stores positions of the files and internal state
224 dataPath = ./data/
225
226 # log level (accepted values are trace, debug, info, warn, error, fatal)
227 logLevel = info
228
229 # http server gives access to two endpoints
230 # /healthz
231 # /metrics/json
232 # /metrics/prometheus
233 # httpServerBinding = 0.0.0.0:11888
234 httpServerBinding =
235
236 # log requests to the http server
237 httpServerLog = false
238
239 # telemetry report endpoint, set it to empty string to disable telemetry
240 telemetryEndpoint = https://license.outcold.solutions/telemetry/
241
242 # license check endpoint
243 licenseEndpoint = https://license.outcold.solutions/license/
244
245 # license server through proxy
246 # This configuration is used only for the Outcold Solutions License Server
247 # For license server running on-premises, use configuration under [license.client]
248 licenseServerProxyUrl =
249
250 # authentication with basic authorization (user:password)
251 # This configuration is used only for the Outcold Solutions License Server
252 # For license server running on-premises, use configuration under [license.client]
253 licenseServerProxyBasicAuth =
254
255 # license key
256 license =
257
258 # Environment variable $KUBERNETES_NODENAME is used by default to setup hostname
259 # Use value below to override specific name
260 hostname =
261
262 # Default output for events, logs and metrics
263 # valid values: splunk and devnull
264 # Use devnull by default if you don't want to redirect data
265 defaultOutput = splunk
266
267 # Default buffer size for file input
268 fileInputBufferSize = 256b
269
270 # Maximum size of one line the file reader can read
271 fileInputLineMaxSize = 1mb
272
273 # Include custom fields to attach to every event; in the example below every event sent to Splunk will have the
274 # indexed field my_environment=dev. Field names should match ^[a-z][_a-z0-9]*$
275 # Better way to configure that is to specify labels for OpenShift Nodes.
276 # ; fields.my_environment = dev
277 # Identify the cluster if you are planning to monitor multiple clusters
278 fields.openshift_cluster = -
279
280 # Include EC2 Metadata (see list of possible fields https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)
281 # Should be in format ec2Metadata.{desired_field_name} = {url path to read the value}
282 # ec2Metadata.ec2_instance_id = /latest/meta-data/instance-id
283 # ec2Metadata.ec2_instance_type = /latest/meta-data/instance-type
284
285 # subdomain for the annotations added to the pods, workloads, namespaces or containers, like splunk.collectord.io/..
286 annotationsSubdomain =
287
288 # configure global thruput per second for forwarded logs (metrics are not included)
289 # for example if you set `thruputPerSecond = 512Kb`, that will limit amount of logs forwarded
290 # from the single Collectord instance to 512Kb per second.
291 # You can configure thruput individually for the logs (including specific for container logs) below
292 thruputPerSecond =
293
294 # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
295 # older than 7 days
296 tooOldEvents =
297
298 # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
299 tooNewEvents =
300
301 # For input.files::X and application logs, when glob or match are configured, Collectord can automatically
302 # detect gzipped files and skip them (based on the extensions or magic numbers)
303 autoSkipGzipFiles = true
304
305 # Multi-output async publishing. When enabled (default), events routed to
306 # non-default outputs are published asynchronously so that a slow or down
307 # output does not block events destined for other outputs.
308 ; multioutput.async = true
309 # Buffer size for the async proxy (default 100). Absorbs transient bursts.
310 # When this buffer and the output's own queue are both full, events are
311 # dropped immediately without blocking the pipeline.
312 ; multioutput.asyncBufferSize = 100
313
314 [license.client]
315 # point to the license located on an HTTP web server, or hosted by a Collectord instance running as a license server
316 url =
317 # basic authentication for the HTTP server
318 basicAuth =
319 # when the license server is reached over TLS, skip verification of its certificate (keep false; use capath/caname below for a private CA)
320 insecure = false
321 # CA Path for the Server certificate
322 capath =
323 # CA Name for the Server certificate
324 caname =
325 # license server through proxy
326 proxyUrl =
327 # authentication with basic authorization (user:password)
328 proxyBasicAuth =
329
330 # forward internal collectord metrics
331 [input.collectord_metrics]
332
333 # disable collectord internal metrics
334 disabled = false
335
336 # override type
337 type = openshift_prometheus
338
339 # how often to collect internal metrics
340 interval = 1m
341
342 # set output (splunk or devnull, default is [general]defaultOutput)
343 output =
344
345 # specify Splunk index
346 index =
347
348 # whitelist or blacklist the metrics
349 whitelist.1 = ^file_input_open$
350 whitelist.2 = ^file_input_read_bytes$
351 whitelist.3 = ^openshift_handlers$
352 whitelist.4 = ^pipe$
353 whitelist.5 = ^pipelines_num$
354 whitelist.6 = ^splunk_post_bytes_sum.*$
355 whitelist.7 = ^splunk_post_events_count_sum.*$
356 whitelist.8 = ^splunk_post_failed_requests$
357 whitelist.9 = ^splunk_post_message_max_lag_seconds_bucket.*$
358 whitelist.10 = ^splunk_post_requests_seconds_sum.*$
359 whitelist.11 = ^splunk_post_retries_required_sum.*$
360
361
362 # connection to kubernetes api
363 [general.kubernetes]
364
365 # Override service URL for Kubernetes (default is ${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT})
366 serviceURL =
367
368 # Environment variable $KUBERNETES_NODENAME is used by default to setup nodeName
369 # Use it only when you need to override it
370 nodeName =
371
372 # Configuration to access the API server,
373 # see https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod
374 # for details
375 tokenPath = /var/run/secrets/kubernetes.io/serviceaccount/token
376 certPath = /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
377
378 # Default timeout for http responses. The streaming/watch requests depend on this timeout.
379 timeout = 30m
380
381 # How long to keep the cache for the recent calls to API server (to limit number of calls when collectord discovers new pods)
382 metadataTTL = 30s
383
384 # regex to find pods
385 podsCgroupFilter = ^/([^/\s]+/)*kubepods(\.slice)?/((kubepods-)?(burstable|besteffort)(\.slice)?/)?([^/]*)pod([0-9a-f]{32}|[0-9a-f\-_]{36})(\.slice)?$
386
387 # regex to find containers in the pods
388 containersCgroupFilter = ^/([^/\s]+/)*kubepods(\.slice)?/((kubepods-)?(burstable|besteffort)(\.slice)?/)?([^/]*)pod([0-9a-f]{32}|[0-9a-f\-_]{36})(\.slice)?/(docker-|crio-|cri-\w+-)?[0-9a-f]{64}(\.scope)?(\/.+)?$
389
390 # path to the kubelet root location (use it to discover application logs for emptyDir)
391 # the expected format is `pods/{pod-id}/volumes/kubernetes.io~empty-dir/{volume-name}/_data/`
392 volumesRootDir = /rootfs/var/lib/kubelet/
393
394 # You can attach annotations as a metadata, using the format
395 # includeAnnotations.{key} = {regexp}
396 # For example if you want to include all annotations that starts with `prometheus.io` or `example.com` you can include
397 # the following format:
398 # includeAnnotations.1 = ^prometheus\.io.*
399 # includeAnnotations.2 = ^example\.com.*
400
401 # You can exclude labels from metadata, using the format
402 # excludeLabels.{key} = {regexp}
403 # For example if you want to exclude all labels that starts with `prometheus.io` or `example.com` you can include
404 # the following format:
405 # excludeLabels.1 = ^prometheus\.io.*
406 # excludeLabels.2 = ^example\.com.*
407
408 # watch for changes (annotations) in the objects
409 watch.namespaces = v1/namespace
410 watch.deploymentconfigs = apps.openshift.io/v1/deploymentconfig
411 watch.configurations = collectord.io/v1/configuration
412
413 # Collectord can review the assigned ClusterRole and traverse metadata for the Pods only for the Owner objects
414 # that are defined in the ClusterRole, ignoring anything else, it does not have access to.
415 # This way Collectord does not generate 403 requests on API Server
416 clusterRole = collectorforopenshift
417
418 # Alternative of telling Collectord about the ClusterRole is to manually list the objects.
419 # You can define which objects Collectord should traverse when it sees Owners.
420 ; traverseOwnership.namespaces = v1/namespace
421
422 # Implementation of the watch protocol.
423 # 0 - use the default implementation (2)
424 # 1 - use the watch implementation that is optimized for the small number of objects (just issue one watch for all objects)
425 # 2 - use the watch implementation that is optimized for the large number of objects (paginate through the list of objects and issue watch for the last resource version)
426 watchImplementation = 2
427
428 # watch for pods annotations, setup prometheus collection
429 # for these pods
430 # Addon listens on Pod Network
431 # DaemonSets listen on Host Network
432 [input.prometheus_auto]
433
434 # disable prometheus auto discovery for pods
435 disabled = false
436
437 # override type
438 type = openshift_prometheus
439
440 # specify Splunk index
441 index =
442
443 # how often to collect prometheus metrics
444 interval = 60s
445
446 # request timeout
447 timeout = 60s
448
449 # include metrics help with the events
450 includeHelp = true
451
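452 # http client timeout (NOTE: `timeout` is already set to 60s earlier in this section; which of the two values takes effect depends on how duplicate keys are handled - keep only one)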
453 timeout = 30s
454
455 # set output (splunk or devnull, default is [general]defaultOutput)
456 output =
457
458 # Include an Authorization header for the prometheus scraper
459 # When configuring scraping with collectord using annotations use prometheus.1-AuthorizationKey=key1
460 # authorization.key1 = Bearer FOO
461
462
463 # Splunk output
464 [output.splunk]
465
466 # Splunk HTTP Event Collector url
467 url =
468 # You can specify multiple Splunk URLs with
469 #
470 # urls.0 = https://server1:8088/services/collector/event/1.0
471 # urls.1 = https://server1:8088/services/collector/event/1.0
472 # urls.2 = https://server1:8088/services/collector/event/1.0
473 #
474 # Limitations:
475 # * The urls cannot have different path.
476
477 # Specify how URL should be picked up (in case if multiple is used)
478 # urlSelection = random|round-robin|random-with-round-robin
479 # where:
480 # * random - choose random url on first selection and after each failure (connection or HTTP status code >= 500)
481 # * round-robin - choose url starting from first one and bump on each failure (connection or HTTP status code >= 500)
482 # * random-with-round-robin - choose random url on first selection and after that in round-robin on each
483 # failure (connection or HTTP status code >= 500)
484 urlSelection = random-with-round-robin
485
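486 # Splunk HTTP Event Collector Token. ConfigMap data is stored and served as plain text; prefer injecting the token from a Secret through the COLLECTOR__<ANYNAME>=<section>__<key>=<value> environment override described at the top of 001-general.conf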
487 token =
488
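489 # Allow invalid SSL server certificate (skips certificate verification; leave false and set caPath/caName below when Splunk uses a private CA)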
490 insecure = false
491 # minTLSVersion = TLSv1.2
492 # maxTLSVersion = TLSv1.3
493
494 # Path to CA certificate
495 caPath =
496
497 # CA Name to verify
498 caName =
499
500 # path for client certificate (if required)
501 clientCertPath =
502
503 # path for client key (if required)
504 clientKeyPath =
505
506 # Events are batched with the maximum size set by batchSize and staying in pipeline for not longer
507 # than set by frequency
508 frequency = 5s
509 batchSize = 768K
510 # limit by the number of events (0 value has no limit on the number of events)
511 events = 50
512
513 # Splunk through proxy
514 proxyUrl =
515
516 # authentication with basic authorization (user:password)
517 proxyBasicAuth =
518
519 # Splunk acknowledgement url (.../services/collector/ack)
520 ackUrl =
521 # You can specify multiple Splunk URLs for ackUrl
522 #
523 # ackUrls.0 = https://server1:8088/services/collector/ack
524 # ackUrls.1 = https://server1:8088/services/collector/ack
525 # ackUrls.2 = https://server1:8088/services/collector/ack
526 #
527 # Make sure that they are in the same order as the urls configured for url, so that the same Splunk instance will be
528 # able to acknowledge the payload.
529 #
530 # Limitations:
531 # * The urls cannot have different path.
532
533 # Enable index acknowledgment
534 ackEnabled = false
535
536 # Index acknowledgment timeout
537 ackTimeout = 3m
538
539 # Timeout specifies a time limit for requests made by collectord.
540 # The timeout includes connection time, any
541 # redirects, and reading the response body.
542 timeout = 30s
543
544 # in case when pipeline can post to multiple indexes, we want to avoid the possibility of blocking
545 # all pipelines, because just some events have incorrect index
546 dedicatedClientPerIndex = true
547
548 # possible values: RedirectToDefault, Drop, Retry
549 incorrectIndexBehavior = RedirectToDefault
550
551 # gzip compression level (nocompression, default, 1...9)
552 compressionLevel = default
553
554 # number of dedicated splunk output threads (to increase throughput above 4k events per second)
555 threads = 2
556 # Default algorithm between threads is roundrobin, but you can change it to weighted
557 ; threadsAlgorithm = weighted
558
559 # if you want to exclude some preindexed fields from events
560 # excludeFields.openshift_pod_ip = true
561
562 # By default if there are no indexes defined on the message, Collectord sends the event without the index, and
563 # Splunk HTTP Event Collector going to use the default index for the Token. You can change that, and tell Collectord
564 # to ignore all events that don't have index defined explicitly
565 ; requireExplicitIndex = true
566
567 # You can define if you want to truncate messages that are larger than 1M in length (or define your own size, like 256K)
568 ; maximumMessageLength = 1M
569
570 # For messages generated from logs, include unique `event_id` in the event
571 ; includeEventID = false
572
573 # Dedicated queue size for the output, default is 1024, larger queue sizes will require more memory,
574 # but will allow to handle more events in case of network issues
575 queueSize = 1024
576
577 # How many digits after the decimal point to keep for timestamps (0-9)
578 # Defaults to 3 (milliseconds)
579 # Change to 6 for microseconds
580 # Change to 9 for nanoseconds
581 ; timestampPrecision = 3
582
583 002-daemonset.conf: |
584 # DaemonSet configuration is used for Nodes and Masters.
585
586 # connection to CRIO
587 [general.cri-o]
588
589 # url for CRIO API, only unix socket is supported
590 url = unix:///rootfs/var/run/crio/crio.sock
591
592 # Timeout for http responses to docker client. The streaming requests depend on this timeout.
593 timeout = 1m
594
595 # cgroup input
596 [input.system_stats]
597
598 # disable system level stats
599 disabled.host = false
600 disabled.cgroup = false
601
602 # cgroups fs location
603 pathCgroups = /rootfs/sys/fs/cgroup
604
605 # proc location
606 pathProc = /rootfs/proc
607
608 # how often to collect cgroup stats
609 statsInterval = 30s
610
611 # override type
612 type.host = openshift_stats_v2_host
613 type.cgroup = openshift_stats_v2_cgroup
614
615 # specify Splunk index
616 index.host =
617 index.cgroup =
618
619 # set output (splunk or devnull, default is [general]defaultOutput)
620 output.host =
621 output.cgroup =
622
623
624 # proc input
625 [input.proc_stats]
626
627 # disable proc level stats
628 disabled = false
629
630 # proc location
631 pathProc = /rootfs/proc
632
633 # how often to collect proc stats
634 statsInterval = 60s
635
636 # override type
637 type = openshift_proc_stats_v2
638
639 # specify Splunk index
640 index.host =
641 index.cgroup =
642
643 # proc filesystem includes by default system threads (there can be over 100 of them)
644 # these stats do not help with the observability
645 # excluding them can reduce the size of the index, performance of the searches and usage of the collector
646 includeSystemThreads = false
647
648 # set output (splunk or devnull, default is [general]defaultOutput)
649 output.host =
650 output.cgroup =
651
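652 # Hide arguments for the processes, replacing with HIDDEN_ARGS(NUMBER). Command lines can contain passwords or tokens, so consider enabling this where the arguments are not needed in Splunk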
653 hideArgs = false
654
655
656 # network stats
657 [input.net_stats]
658
659 # disable net stats
660 disabled = false
661
662 # proc path location
663 pathProc = /rootfs/proc
664
665 # how often to collect net stats
666 statsInterval = 30s
667
668 # override type
669 type = openshift_net_stats_v2
670
671 # specify Splunk index
672 index.host =
673 index.cgroup =
674
675 # set output (splunk or devnull, default is [general]defaultOutput)
676 output.host =
677 output.cgroup =
678
679
680 # network socket table
681 [input.net_socket_table]
682
683 # disable net stats
684 disabled = false
685
686 # proc path location
687 pathProc = /rootfs/proc
688
689 # how often to collect net stats
690 statsInterval = 30s
691
692 # override type
693 type = openshift_net_socket_table
694
695 # specify Splunk index
696 index.host =
697 index.cgroup =
698
699 # set output (splunk or devnull, default is [general]defaultOutput)
700 output.host =
701 output.cgroup =
702
703 # group connections by tcp_state, localAddr, remoteAddr (if localPort is not the port it is listening on)
704 # that can significantly reduce the amount of events
705 group = true
706
707 # Collectord can watch for services, node, and pod IP addresses, and lookup the names
708 # for the IP addresses. Keeping this enabled can add a significant load on the API Server, with large number of pods.
709 disableLookup = false
710
711
712 # mount input (collects mount stats where kubelet runtime is stored)
713 [input.mount_stats]
714
715 # disable system level stats
716 disabled = false
717
718 # how often to collect mount stats
719 statsInterval = 30s
720
721 # override type
722 type = openshift_mount_stats
723
724 # specify Splunk index
725 index =
726
727 # set output (splunk or devnull, default is [general]defaultOutput)
728 output =
729
730
731 # diskstats input (collects /proc/diskstats)
732 [input.disk_stats]
733
734 # disable system level stats
735 disabled = false
736
737 # how often to collect mount stats
738 statsInterval = 30s
739
740 # override type
741 type = openshift_disk_stats
742
743 # specify Splunk index
744 index =
745
746 # set output (splunk or devnull, default is [general]defaultOutput)
747 output =
748
749
750 # Container Log files
751 [input.files]
752
753 # disable container logs monitoring
754 disabled = false
755
756 # root location of docker log files
757 # logs are expected in standard docker format like {containerID}/{containerID}-json.log
758 # rotated files
759 path = /rootfs/var/lib/docker/containers/
760 # root location of CRI-O files
761 # logs are expected in Kubernetes format, like {podID}/{containerName}/0.log
762 crioPath = /rootfs/var/log/pods/
763
764 # (obsolete) glob matching pattern for log files
765 # glob = */*-json.log*
766
767 # files are read using polling schema, when reach the EOF how often to check if files got updated
768 pollingInterval = 250ms
769
770 # how often to look for the new files under logs path
771 walkingInterval = 5s
772
773 # include verbose fields in events (file offset)
774 verboseFields = false
775
776 # override type
777 type = openshift_logs
778
779 # specify Splunk index
780 index =
781
782 # docker splits events when they are larger than 10-100k (depends on the docker version)
783 # we join them together by default and forward to Splunk as one event
784 joinPartialEvents = true
785
786 # In case if your containers report messages with terminal colors or other escape sequences
787 # you can enable strip for all the containers in one place.
788 # Better is to enable it only for required container with the label collectord.io/strip-terminal-escape-sequences=true
789 stripTerminalEscapeSequences = false
790 # Regexp used for stripping terminal colors, it does not strip all the escape sequences
791 # Read https://man7.org/linux/man-pages/man4/console_codes.4.html for more information
792 stripTerminalEscapeSequencesRegex = (\x1b\[\d{1,3}(;\d{1,3})*m)|(\x07)|(\x1b]\d+(\s\d)?;[^\x07]+\x07)|(.*\x1b\[K)
793
794 # sample output (-1 does not sample, 20 - only 20% of the logs should be forwarded)
795 samplingPercent = -1
796
797 # sampling key for hash based sampling (should be regexp with the named match pattern `key`)
798 samplingKey =
799
800 # set output (splunk or devnull, default is [general]defaultOutput)
801 output =
802
803 # configure default thruput per second for each container log
804 # for example if you set `thruputPerSecond = 128Kb`, that will limit amount of logs forwarded
805 # from the single container to 128Kb per second.
806 thruputPerSecond =
807
808 # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
809 # older than 7 days
810 tooOldEvents =
811
812 # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
813 tooNewEvents =
814
815
816 # Application Logs
817 [input.app_logs]
818
819 # disable container application logs monitoring
820 disabled = false
821
822 # root location of mounts (applies to hostPath mounts only), if the hostPath differs inside container from the path on host
823 root = /rootfs/
824
825 # how often to review list of available volumes
826 syncInterval = 5s
827
828 # glob matching pattern for log files
829 glob = *.log*
830
831 # files are read using polling schema, when reach the EOF how often to check if files got updated
832 pollingInterval = 250ms
833
834 # how often to look for the new files under logs path
835 walkingInterval = 5s
836
837 # include verbose fields in events (file offset)
838 verboseFields = false
839
840 # override type
841 type = openshift_logs
842
843 # specify Splunk index
844 index =
845
846 # we split files using new line character, with this configuration you can specify what defines the new event
847 # after new line
848 eventPatternRegex = ^[^\s]
849 # Maximum interval of messages in pipeline
850 eventPatternMaxInterval = 100ms
851 # Maximum time to wait for the messages in pipeline
852 eventPatternMaxWait = 1s
853 # Maximum message size
854 eventPatternMaxSize = 1MB
855
856 # sample output (-1 does not sample, 20 - only 20% of the logs should be forwarded)
857 samplingPercent = -1
858
859 # sampling key for hash based sampling (should be regexp with the named match pattern `key`)
860 samplingKey =
861
862 # set output (splunk or devnull, default is [general]defaultOutput)
863 output =
864
865 # configure default thruput per second for each container log
866 # for example if you set `thruputPerSecond = 128Kb`, that will limit amount of logs forwarded
867 # from the single container to 128Kb per second.
868 thruputPerSecond =
869
870 # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
871 # older than 7 days
872 tooOldEvents =
873
874 # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
875 tooNewEvents =
876
877 # Configure how long Collectord should keep the file descriptors open for files, that has not been forwarded yet
878 # When using PVC, and if pipeline is lagging behind, Collectord holding open fd for files, can cause long termination
879 # of pods, as kubelet cannot unmount the PVC volume from the system
880 maxHoldAfterClose = 1800s
881
882
883 [input.journald]
884
885 # disable host level logs
886 disabled = false
887
888 # root location of log files
889 path.persistent = /rootfs/var/log/journal/
890 # only if required
891 # path.volatile = /rootfs/run/log/journal/
892
893 # when reach end of journald, how often to pull
894 pollingInterval = 250ms
895
896 # if you don't want to forward journald from the beginning,
897 # set the oldest event in relative value, like -14h or -30m or -30s (h/m/s supported)
898 startFromRel =
899
900 # override type
901 type = openshift_host_logs
902
903 # specify Splunk index
904 index =
905
906 # sample output (-1 does not sample, 20 - only 20% of the logs should be forwarded)
907 samplingPercent = -1
908
909 # sampling key (should be regexp with the named match pattern `key`)
910 samplingKey =
911
912 # how often to reopen the journald to free old files
913 reopenInterval = 1h
914
915 # set output (splunk or devnull, default is [general]defaultOutput)
916 output =
917
918 # configure default thruput per second for this files group
919 # for example if you set `thruputPerSecond = 128Kb`, that will limit amount of logs forwarded
920 # from the files in this group to 128Kb per second.
921 thruputPerSecond =
922
923 # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
924 # older than 7 days
925 tooOldEvents =
926
927 # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
928 tooNewEvents =
929
930 # by default every new event should start from not space symbol
931 eventPattern = ^[^\s]
932
933 # By default ignoring verbose hyperkube logs (all INFO messages)
934 blacklist.0 = ^I\d+.*$
935 # whitelist.0 = ^regexp$
936 # blacklist.1 = ^regexp$
937
938 # Move Journald logs reader to a separate process, to prevent process from crashing in case of corrupted log files
939 spawnExternalProcess = false
940
941 # Pipe to join events (container logs only)
942 [pipe.join]
943
944 # disable joining event
945 disabled = false
946
947 # Maximum interval of messages in pipeline
948 maxInterval = 100ms
949
950 # Maximum time to wait for the messages in pipeline
951 maxWait = 1s
952
953 # Maximum message size
954 maxSize = 1MB
955
956 # Default pattern to indicate new message (should start not from space)
957 patternRegex = ^[^\s]
958
959 # (deprecated, use annotations for setting up join rules)
960 # Define special event join patterns for matched events
961 # Section consist of [pipe.join::<name>]
962 # [pipe.join::my_app]
963 ## Set match pattern for the fields
964 #; matchRegex.docker_container_image = my_app
965 #; matchRegex.stream = stdout
966 ## All events start from '[<digits>'
967 #; patternRegex = ^\[\d+
968
969 # You can configure global replace rules for the events, which can help to remove sensitive data
970 # from logs before they are sent to Splunk. Those rules will be applied to all pipelines for container logs, host logs,
971 # application logs and events.
972 # In the following example we replace password=TEST with password=********
973 ; [pipe.replace::name]
974 ; patternRegex = (password=)([^\s]+)
975 ; replace = $1********
976
977 # You can configure global hash rules for the events, which can help to hide sensitive data
978 # from logs before they are sent to outputs. Those rules will be applied to all pipelines for container logs, host logs,
979 # application logs and events.
980 # In the following example we hash IP addresses with fnv-1a-64
981 ; [pipe.hash::name]
982 ; match = (\d{1,3}\.){3}\d{1,3}'
983 ; function = fnv-1a-64
984
985
# Prometheus metrics scraped from the kubelet on the local node
[input.prometheus::kubelet]

# Set to true to turn kubelet metrics off
disabled = false

# override type
type = openshift_prometheus

# Splunk index for these events (left empty in this manifest)
index =

# Override host (environment variables are supported)
host = ${KUBERNETES_NODENAME}

# Override source
source = kubelet

# Collection interval for prometheus metrics
interval = 60s

# Per-request timeout
timeout = 60s

# Kubelet metrics endpoint, reached over loopback
endpoint = https://127.0.0.1:10250/metrics

# File holding the token sent as "Authorization: Bearer $(cat tokenPath)"
tokenPath = /var/run/secrets/kubernetes.io/serviceaccount/token

# CA bundle for validating the server certificate
certPath = /var/run/secrets/kubernetes.io/serviceaccount/ca.crt

# Client certificate for authentication (not used here)
clientCertPath =

# Allow invalid SSL server certificate
# NOTE(review): with insecure = true the kubelet certificate is presumably not checked
# against certPath, while the service-account bearer token is still sent on every scrape.
# The endpoint is loopback on the node, which narrows the exposure; set this to false
# where the kubelet serving certificate chains to the CA in certPath.
insecure = true

# Include the metrics help text with the events
# (useful when exploring which prometheus metrics exist)
includeHelp = false

# set output (splunk or devnull, default is [general]defaultOutput)
output =

# Forward only the metrics that the dashboards use
whitelist.1 = ^(kubernetes|openshift)_build_info$
whitelist.2 = ^kubelet_runtime_operations_duration_seconds_sum$
whitelist.3 = ^kubelet_docker_operations_duration_seconds_sum$
whitelist.4 = ^kubelet_network_plugin_operations_duration_seconds_sum$
whitelist.5 = ^kubelet_cgroup_manager_duration_seconds_sum$
whitelist.6 = ^storage_operation_duration_seconds_sum$
whitelist.7 = ^kubelet_docker_operations_errors_total$
whitelist.8 = ^kubelet_runtime_operations_errors_total$
whitelist.9 = ^rest_client_requests_total$
whitelist.10 = ^process_cpu_seconds_total$
whitelist.11 = ^process_resident_memory_bytes$
whitelist.12 = ^process_virtual_memory_bytes$
whitelist.13 = ^kubelet_volume_stats_.+$

; # Collectord reports if entropy is low (uncomment to use it)
; [diagnostics::node-entropy]
; settings.path = /rootfs/proc/sys/kernel/random/entropy_avail
; settings.interval = 1h
; settings.threshold = 800

# Collectord reports when a node reboot is required.
# This check is active in this manifest; comment the section out to disable it.
[diagnostics::node-reboot-required]
settings.path = /rootfs/var/run/reboot-required*
settings.interval = 1h

# Reports the CPU vulnerability entries that the kernel exposes in sysfs.
# See https://www.kernel.org/doc/Documentation/admin-guide/hw-vuln/index.rst
# And https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-devices-system-cpu
[diagnostics::cpu-vulnerabilities]
settings.path = /rootfs/sys/devices/system/cpu/vulnerabilities/*
settings.interval = 1h

003-daemonset-master.conf: |
  # Inputs that only run on control-plane nodes (mounted by the master DaemonSet).
  # NOTE(review): every prometheus input below sets insecure = true, so the scraped
  # endpoint's certificate is presumably not verified even where certPath is set, while
  # credentials (bearer token or client key) are still presented. Tighten per input where
  # the endpoint certificate chains to a CA you can supply in certPath.

  [input.prometheus::kubernetes-api]

  # Set to true to turn the kubernetes-api input off
  disabled = false

  # override type
  type = openshift_prometheus

  # Splunk index for these events (left empty in this manifest)
  index =

  # override host
  host = ${KUBERNETES_NODENAME}

  # override source
  source = kubernetes-api

  # Collection interval for prometheus metrics
  interval = 60s

  # Per-request timeout
  timeout = 60s

  # prometheus endpoint
  # localhost is tried first (that avoids the load balancer when there are several
  # API servers); the in-cluster service address is the fallback
  endpoint.1localhost = https://127.0.0.1:8443/metrics
  endpoint.2kubeapi = https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}/metrics

  # File holding the token sent as "Authorization: Bearer $(cat tokenPath)"
  tokenPath = /var/run/secrets/kubernetes.io/serviceaccount/token

  # CA bundle for validating the server certificate
  certPath = /var/run/secrets/kubernetes.io/serviceaccount/ca.crt

  # Client certificate for authentication (not used here)
  clientCertPath =

  # Allow invalid SSL server certificate
  # NOTE(review): the service-account token is sent to both endpoints above; the fallback
  # endpoint is not loopback, so this is the input where verification matters most.
  insecure = true

  # Include the metrics help text with the events
  includeHelp = false

  # set output (splunk or devnull, default is [general]defaultOutput)
  output =

  # Forward only the metrics that the dashboards use
  whitelist.1 = ^(kubernetes|openshift)_build_info$
  whitelist.2 = ^authenticated_user_requests$
  whitelist.3 = ^apiserver_request_total$
  whitelist.4 = ^process_cpu_seconds_total$
  whitelist.5 = ^process_resident_memory_bytes$
  whitelist.6 = ^process_virtual_memory_bytes$


  [input.prometheus::controller]

  # Set to true to turn controller metrics off
  disabled = false

  # override type
  type = openshift_prometheus

  # Splunk index for these events (left empty in this manifest)
  index =

  # override host
  host = ${KUBERNETES_NODENAME}

  # override source
  source = controller

  # Collection interval for prometheus metrics
  interval = 60s

  # Per-request timeout
  timeout = 60s

  # prometheus endpoint (no host part is given in the URL)
  endpoint.https1 = https://:10257/metrics
  endpoint.https2 = https://:8444/metrics

  # File holding the token sent as "Authorization: Bearer $(cat tokenPath)"
  tokenPath = /var/run/secrets/kubernetes.io/serviceaccount/token

  # CA bundle for validating the server certificate (none configured)
  certPath =

  # Client certificate and key for authentication (not used here)
  clientCertPath =
  clientKeyPath =

  # Allow invalid SSL server certificate
  insecure = true

  # Include the metrics help text with the events
  includeHelp = false

  # set output (splunk or devnull, default is [general]defaultOutput)
  output =

  # Forward only the metrics that the dashboards use
  whitelist.1 = ^(kubernetes|openshift)_build_info$
  whitelist.2 = ^process_cpu_seconds_total$
  whitelist.3 = ^process_resident_memory_bytes$
  whitelist.4 = ^process_virtual_memory_bytes$
  whitelist.5 = ^node_collector_zone_size$
  whitelist.6 = ^node_collector_zone_health$
  whitelist.7 = ^node_collector_unhealthy_nodes_in_zone$

  [input.prometheus::scheduler]

  # Set to true to turn scheduler metrics off
  disabled = false

  # override type
  type = openshift_prometheus

  # Splunk index for these events (left empty in this manifest)
  index =

  # override host
  host = ${KUBERNETES_NODENAME}

  # override source
  source = scheduler

  # Collection interval for prometheus metrics
  interval = 60s

  # Per-request timeout
  timeout = 60s

  # prometheus endpoint (no host part is given in the URL)
  endpoint.https1 = https://:10259/metrics
  endpoint.https2 = https://:8444/metrics

  # File holding the token sent as "Authorization: Bearer $(cat tokenPath)"
  tokenPath = /var/run/secrets/kubernetes.io/serviceaccount/token

  # CA bundle for validating the server certificate (none configured)
  certPath =

  # Client certificate and key for authentication (not used here)
  clientCertPath =
  clientKeyPath =

  # Allow invalid SSL server certificate
  insecure = true

  # Include the metrics help text with the events
  includeHelp = false

  # set output (splunk or devnull, default is [general]defaultOutput)
  output =

  # Forward only the metrics that the dashboards use
  whitelist.1 = ^(kubernetes|openshift)_build_info$
  whitelist.2 = ^scheduler_e2e_scheduling_duration_seconds_sum$
  whitelist.3 = ^scheduler_binding_duration_seconds_sum$
  whitelist.4 = ^scheduler_scheduling_algorithm_duration_seconds_sum$
  whitelist.5 = ^process_cpu_seconds_total$
  whitelist.6 = ^process_resident_memory_bytes$
  whitelist.7 = ^process_virtual_memory_bytes$


  [input.prometheus::etcd]

  # Set to true to turn etcd metrics off
  disabled = false

  # override type
  type = openshift_prometheus

  # Splunk index for these events (left empty in this manifest)
  index =

  # override host
  host = ${KUBERNETES_NODENAME}

  # override source
  source = etcd

  # Collection interval for prometheus metrics
  interval = 60s

  # prometheus endpoint (no host part is given in the URL)
  endpoint.https1 = https://:9979/metrics
  endpoint.https2 = https://:9978/metrics

  # No bearer token for etcd; authentication uses the client certificate below
  tokenPath =

  # Server certificate for certificate validation
  certPath = /rootfs/etc/kubernetes/static-pod-resources/etcd-certs/secrets/etcd-all-certs/etcd-serving-*.crt

  # Client certificate and key for authentication
  # NOTE(review): these are the etcd peer certificate and private key read from the host
  # filesystem. Any process that can read them can presumably authenticate to etcd, so the
  # collector pod on control-plane nodes has to be protected like etcd itself.
  clientCertPath = /rootfs/etc/kubernetes/static-pod-resources/etcd-certs/secrets/etcd-all-certs/etcd-peer-*.crt
  clientKeyPath = /rootfs/etc/kubernetes/static-pod-resources/etcd-certs/secrets/etcd-all-certs/etcd-peer-*.key

  # Allow invalid SSL server certificate
  # NOTE(review): certPath is set above, yet verification is switched off here.
  insecure = true

  # Include the metrics help text with the events
  includeHelp = false

  # set output (splunk or devnull, default is [general]defaultOutput)
  output =

  # Metrics to forward
  # (whitelist.5 repeats the pattern of whitelist.3)
  whitelist.1 = ^etcd_server_leader_changes_seen_total$
  whitelist.2 = ^etcd_server_has_leader$
  whitelist.3 = ^etcd_server_proposals_committed_total$
  whitelist.4 = ^etcd_server_proposals_applied_total$
  whitelist.5 = ^etcd_server_proposals_committed_total$
  whitelist.6 = ^etcd_server_proposals_pending$
  whitelist.7 = ^etcd_server_proposals_failed_total$
  whitelist.8 = ^etcd_disk_wal_fsync_duration_seconds_sum$
  whitelist.9 = ^etcd_disk_wal_fsync_duration_seconds_count$
  whitelist.10 = ^etcd_disk_backend_commit_duration_seconds_sum$
  whitelist.11 = ^etcd_disk_backend_commit_duration_seconds_count$
  whitelist.12 = ^etcd_network_client_grpc_.*$
  whitelist.13 = ^grpc_server_handled_total$
  whitelist.14 = ^etcd_network_peer_round_trip_time_seconds_bucket$
  whitelist.15 = ^process_cpu_seconds_total$
  whitelist.16 = ^process_resident_memory_bytes$
  whitelist.17 = ^process_virtual_memory_bytes$
  whitelist.18 = ^process_open_fds$
  whitelist.19 = ^process_max_fds$
  whitelist.20 = ^etcd_disk_backend_commit_duration_seconds_bucket$
  whitelist.21 = ^etcd_disk_wal_fsync_duration_seconds_bucket$


  # Audit logs
  # NOTE: API server audit records name users, source addresses and the objects they
  # touched, and at higher audit-policy levels can carry request and response bodies.
  # Send them to an index with restricted access and a retention that fits your
  # investigation needs.
  [input.files::audit-logs]

  # Set to true to turn this input off
  disabled = false

  # Root location of the audit logs
  path = /rootfs/var/log/kube-apiserver/

  # glob matching files
  glob = audit*.log

  # Files are read by polling: after reaching EOF, how often to check whether a file grew
  pollingInterval = 250ms

  # How often to look for new files under the logs path
  walkingInterval = 5s

  # include verbose fields in events (file offset)
  verboseFields = false

  # override type
  type = openshift_host_logs

  # Splunk index for these events (left empty in this manifest)
  index =

  # Field extraction: the whole line becomes `message`, stageTimestamp becomes `timestamp`
  extraction = (?P<message>.*"stageTimestamp":"(?P<timestamp>[^"]+)".*)
  extractionMessageField = message

  # timestamp field
  timestampField = timestamp

  # Timestamp format
  # the layout defines the format by showing how the reference time, defined to be `Mon Jan 2 15:04:05 -0700 MST 2006`
  timestampFormat = 2006-01-02T15:04:05.999999999Z07:00

  # timestamp location (if not defined by format)
  timestampLocation =

  # set output (splunk or devnull, default is [general]defaultOutput)
  output =

  # Default throughput per second for this group of files.
  # For example `thruputPerSecond = 128Kb` limits the logs forwarded
  # from the files in this group to 128Kb per second.
  # NOTE(review): a limit, like the age filters below, trades completeness of the audit
  # trail for volume; decide that deliberately for audit data.
  thruputPerSecond =

  # Events that are too old to be forwarded, for example 168h (7 days) drops all events
  # older than 7 days
  tooOldEvents =

  # Events that are too new to be forwarded, for example 1h drops all events that are 1h in the future
  tooNewEvents =

  # Blacklisting and whitelisting the logs
  # whitelist.0 = ^regexp$
  # blacklist.0 = ^regexp$

004-addon.conf: |
  [general]
  # addons can be run in parallel with agents
  addon = true


  [input.kubernetes_events]

  # Set to true to stop collecting kubernetes events
  disabled = false

  # override type
  type = openshift_events

  # Splunk index for these events (left empty in this manifest)
  index =

  # set output (splunk or devnull, default is [general]defaultOutput)
  output =

  # exclude managed fields from the metadata
  excludeManagedFields = true


  [input.kubernetes_watch::pods]

  # Set to true to turn this watch off
  disabled = false

  # Set the timeout for how often watch request should refresh the whole list
  refresh = 10m

  # Object type to watch; namespace is left empty in this manifest
  apiVersion = v1
  kind = Pod
  namespace =

  # override type
  type = openshift_objects

  # Splunk index for these events (left empty in this manifest)
  index =

  # set output (splunk or devnull, default is [general]defaultOutput)
  output =

  # exclude managed fields from the metadata
  excludeManagedFields = true

  # Values in the forwarded objects can be removed or hashed: after modifyValues give the
  # path in the JSON object; the value is hash:{hashFunction}, or remove to drop the object.
  # NOTE(review): Pod objects are presumably forwarded whole, and a Pod spec can hold
  # literal env values, command-line arguments and annotations. Review what your workloads
  # put there and enable rules like the ones below before the data reaches Splunk.
  ; modifyValues.object.data.* = hash:sha256
  ; modifyValues.object.metadata.annotations.* = remove

  # Exclude events by namespace with a blacklist, or whitelist only the required namespaces
  # blacklist.kubernetes_namespace = ^namespace0$
  # whitelist.kubernetes_namespace = ^((namespace1)|(namespace2))$

  [input.kubernetes_watch::resourcequota]
  # Set to true to turn this watch off
  disabled = false

  # Set the timeout for how often watch request should refresh the whole list
  refresh = 10m

  # Object type to watch; namespace is left empty in this manifest
  apiVersion = v1
  kind = ResourceQuota
  namespace =

  # override type
  type = openshift_objects

  # Splunk index for these events (left empty in this manifest)
  index =

  # set output (splunk or devnull, default is [general]defaultOutput)
  output =

  # exclude managed fields from the metadata
  excludeManagedFields = true


  [input.kubernetes_watch::clusterresourcequota]
  # Set to true to turn this watch off
  disabled = false

  # Set the timeout for how often watch request should refresh the whole list
  refresh = 10m

  # Object type to watch; namespace is left empty in this manifest
  apiVersion = quota.openshift.io/v1
  kind = ClusterResourceQuota
  namespace =

  # override type
  type = openshift_objects

  # Splunk index for these events (left empty in this manifest)
  index =

  # set output (splunk or devnull, default is [general]defaultOutput)
  output =

  # exclude managed fields from the metadata
  excludeManagedFields = true


  [input.kubernetes_watch::nodes]
  # Set to true to turn this watch off
  disabled = false

  # Set the timeout for how often watch request should refresh the whole list
  refresh = 10m

  # Object type to watch; namespace is left empty in this manifest
  apiVersion = v1
  kind = Node
  namespace =

  # override type
  type = openshift_objects

  # Splunk index for these events (left empty in this manifest)
  index =

  # set output (splunk or devnull, default is [general]defaultOutput)
  output =

  # exclude managed fields from the metadata
  excludeManagedFields = true

---
# Collector DaemonSet for every node that is NOT labelled as control plane.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: collectorforopenshift
  namespace: collectorforopenshift
  labels:
    app: collectorforopenshift
spec:
  # Replace pods progressively when the pod template changes.
  # (RollingUpdate is also the apps/v1 default; OnDelete has to be requested explicitly.)
  updateStrategy:
    type: RollingUpdate

  # NOTE(review): the master DaemonSet and the addon Deployment in this file select on the
  # same `daemon: collectorforopenshift` label, so their selectors overlap. Selectors are
  # immutable in apps/v1; giving each workload its own label is a delete-and-recreate change.
  selector:
    matchLabels:
      daemon: collectorforopenshift

  template:
    metadata:
      name: collectorforopenshift
      labels:
        daemon: collectorforopenshift
    spec:
      priorityClassName: collectorforopenshift-critical
      dnsPolicy: ClusterFirstWithHostNet
      # The pod shares the node's network namespace; the kubelet input in the ConfigMap
      # scrapes https://127.0.0.1:10250, which is only reachable that way.
      hostNetwork: true
      serviceAccountName: collectorforopenshift
      # Schedule only on nodes without the control-plane role label
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/control-plane
                    operator: DoesNotExist
      # No key is given, so every NoSchedule and NoExecute taint is tolerated
      tolerations:
        - operator: 'Exists'
          effect: 'NoSchedule'
        - operator: 'Exists'
          effect: 'NoExecute'
      containers:
        - name: collectorforopenshift
          # Stick to a specific version.
          # NOTE: a tag can be re-pointed in the registry; where the release process
          # allows it, pin the vetted image by digest
          # (…/collectorforopenshift@sha256:<digest-of-the-vetted-image>).
          image: registry.connect.redhat.com/outcoldsolutions/collectorforopenshift:26.04.3
          # Privileged root container with the host filesystem mounted below: whoever
          # controls this image, this pod spec or the ConfigMap controls the node.
          # Restrict who may edit objects in this namespace accordingly.
          securityContext:
            privileged: true
            runAsUser: 0
          # Define your resources if you need. Defaults should be fine for most.
          resources:
            limits:
              cpu: 2000m
              memory: 512Mi
            requests:
              cpu: 500m
              memory: 256Mi
          env:
            - name: KUBERNETES_NODENAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          volumeMounts:
            # State (file positions) is kept in /data
            - name: collectorforopenshift-state
              mountPath: /data
            # Configuration files deployed with the ConfigMap
            - name: collectorforopenshift-config
              mountPath: /config/
              readOnly: true
            # Host root filesystem
            # NOTE(review): mounted read-write. State goes to /data, so confirm with the
            # vendor whether write access to / is required before relaxing or keeping it.
            - name: rootfs
              mountPath: /rootfs/
              readOnly: false
              mountPropagation: HostToContainer
            # Host timezone
            - name: localtime
              mountPath: /etc/localtime
              readOnly: true
      volumes:
        # State is stored directly on the host; change this location if
        # your persistent volume is somewhere else
        - name: collectorforopenshift-state
          hostPath:
            path: /var/lib/collectorforopenshift/data/
            type: DirectoryOrCreate
        # The whole host filesystem
        - name: rootfs
          hostPath:
            path: /
        # Host timezone
        - name: localtime
          hostPath:
            path: /etc/localtime
        # Configuration from the ConfigMap (general + daemonset files only)
        - name: collectorforopenshift-config
          configMap:
            name: collectorforopenshift
            items:
              - key: 001-general.conf
                path: 001-general.conf
              - key: 002-daemonset.conf
                path: 002-daemonset.conf
---
# Collector DaemonSet for control-plane nodes; loads 003-daemonset-master.conf in
# addition to the files the worker DaemonSet uses.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: collectorforopenshift-master
  namespace: collectorforopenshift
  labels:
    app: collectorforopenshift
spec:
  updateStrategy:
    type: RollingUpdate
  # NOTE(review): same `daemon: collectorforopenshift` selector label as the worker
  # DaemonSet and the addon Deployment in this file; selectors are immutable in apps/v1.
  selector:
    matchLabels:
      daemon: collectorforopenshift
  template:
    metadata:
      name: collectorforopenshift-master
      labels:
        daemon: collectorforopenshift
    spec:
      priorityClassName: collectorforopenshift-critical
      dnsPolicy: ClusterFirstWithHostNet
      # Node network namespace: the master inputs scrape loopback and host-less
      # https://:<port> endpoints of the control-plane components.
      hostNetwork: true
      serviceAccountName: collectorforopenshift
      # Schedule only on nodes that carry the control-plane role label
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/control-plane
                    operator: Exists
      # No key is given, so every NoSchedule and NoExecute taint is tolerated
      tolerations:
        - operator: 'Exists'
          effect: 'NoSchedule'
        - operator: 'Exists'
          effect: 'NoExecute'
      containers:
        - name: collectorforopenshift
          # NOTE: tag-pinned image; pin by digest where the release process allows it
          # (…/collectorforopenshift@sha256:<digest-of-the-vetted-image>).
          image: registry.connect.redhat.com/outcoldsolutions/collectorforopenshift:26.04.3
          # Privileged root container on control-plane nodes. Through /rootfs it reads the
          # etcd peer key and the API server audit logs named in 003-daemonset-master.conf,
          # so this pod is equivalent to root on the control plane.
          securityContext:
            privileged: true
            runAsUser: 0
          resources:
            limits:
              cpu: 2000m
              memory: 1024Mi
            requests:
              cpu: 500m
              memory: 256Mi
          env:
            - name: KUBERNETES_NODENAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          volumeMounts:
            - name: collectorforopenshift-state
              mountPath: /data
            - name: collectorforopenshift-config
              mountPath: /config/
              readOnly: true
            # Host root filesystem
            # NOTE(review): mounted read-write; confirm with the vendor whether write
            # access to / is required.
            - name: rootfs
              mountPath: /rootfs/
              readOnly: false
              mountPropagation: HostToContainer
            - name: localtime
              mountPath: /etc/localtime
              readOnly: true
      volumes:
        - name: collectorforopenshift-state
          hostPath:
            path: /var/lib/collectorforopenshift/data/
            type: DirectoryOrCreate
        - name: rootfs
          hostPath:
            path: /
        - name: localtime
          hostPath:
            path: /etc/localtime
        - name: collectorforopenshift-config
          configMap:
            name: collectorforopenshift
            items:
              - key: 001-general.conf
                path: 001-general.conf
              - key: 002-daemonset.conf
                path: 002-daemonset.conf
              - key: 003-daemonset-master.conf
                path: 003-daemonset-master.conf
---
# Single-replica addon; loads 001-general.conf and 004-addon.conf
# (Kubernetes events and object watches).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: collectorforopenshift-addon
  namespace: collectorforopenshift
  labels:
    app: collectorforopenshift
spec:
  replicas: 1
  # NOTE(review): same `daemon: collectorforopenshift` selector label as both DaemonSets
  # in this file; selectors are immutable in apps/v1.
  selector:
    matchLabels:
      daemon: collectorforopenshift
  template:
    metadata:
      name: collectorforopenshift-addon
      labels:
        daemon: collectorforopenshift
    spec:
      priorityClassName: collectorforopenshift-critical
      serviceAccountName: collectorforopenshift
      containers:
        - name: collectorforopenshift
          # NOTE: tag-pinned image; pin by digest where the release process allows it
          # (…/collectorforopenshift@sha256:<digest-of-the-vetted-image>).
          image: registry.connect.redhat.com/outcoldsolutions/collectorforopenshift:26.04.3
          # NOTE(review): this pod mounts only the state directory and the ConfigMap and
          # has no hostNetwork, yet runs privileged as root. Presumably that is needed to
          # write to the hostPath below; confirm, and drop what is not required.
          securityContext:
            privileged: true
            runAsUser: 0
          resources:
            limits:
              cpu: 1000m
              memory: 512Mi
            requests:
              cpu: 200m
              memory: 64Mi
          env:
            - name: KUBERNETES_NODENAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          volumeMounts:
            - name: collectorforopenshift-state
              mountPath: /data
            - name: collectorforopenshift-config
              mountPath: /config/
              readOnly: true
      volumes:
        # type Directory: the path must already exist on the node
        # (the DaemonSets in this file use DirectoryOrCreate for the same path)
        - name: collectorforopenshift-state
          hostPath:
            path: /var/lib/collectorforopenshift/data/
            type: Directory
        - name: collectorforopenshift-config
          configMap:
            name: collectorforopenshift
            items:
              - key: 001-general.conf
                path: 001-general.conf
              - key: 004-addon.conf
                path: 004-addon.conf