# OpenShift Project (namespace) that hosts all Collectord monitoring resources.
apiVersion: project.openshift.io/v1
kind: Project
metadata:
  labels:
    app: collectorforopenshift
  name: collectorforopenshift
  annotations:
    # Empty node-selector overrides any cluster-wide default project node
    # selector, so collectord pods can be scheduled on every node.
    openshift.io/node-selector: ''
    openshift.io/description: 'Monitoring OpenShift in Splunk, built by Outcold Solutions'
    openshift.io/display-name: 'Collectord for OpenShift'
11---
# CustomResourceDefinition for cluster-scoped `Configuration` objects
# (collectord.io/v1/configuration), watched by collectord (see
# `watch.configurations` in the ConfigMap below).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: configurations.collectord.io
spec:
  group: collectord.io
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              # Free-form configuration payload: arbitrary keys are accepted.
              type: object
              additionalProperties: true
            force:
              type: boolean
  scope: Cluster
  names:
    listKind: ConfigurationList
    plural: configurations
    singular: configuration
    kind: Configuration
37---
# CustomResourceDefinition for namespaced `SplunkOutput` objects that describe
# an additional Splunk HTTP Event Collector destination.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: splunkoutputs.collectord.io
spec:
  group: collectord.io
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                # HEC endpoint URL.
                url:
                  type: string
                  format: uri
                # Skip TLS server certificate verification when true.
                insecure:
                  type: boolean
                token:
                  type: string
                  description: "Plain token"
                tokenFromSecret:
                  type: object
                  description: "Reference to a Kubernetes Secret"
                  properties:
                    secret:
                      type: string
                    key:
                      type: string
              # Exactly one token source must be provided: either the plain
              # `token` or a `tokenFromSecret` reference.
              oneOf:
                - required: ["token"]
                - required: ["tokenFromSecret"]
  scope: Namespaced
  names:
    listKind: SplunkOutputList
    plural: splunkoutputs
    singular: splunkoutput
    kind: SplunkOutput
80---
# PriorityClass for collectord pods: a very high value (just below the
# reserved system-* classes, which start at 2000000000) so monitoring pods
# are scheduled ahead of regular workloads and evicted last under pressure.
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
  name: collectorforopenshift-critical
value: 1000000000
# `false` is also the API default; stated explicitly so this class is never
# mistaken for (or accidentally promoted to) the cluster-wide default.
globalDefault: false
description: "High priority class for Collectord monitoring pods."
86---
# SecurityContextConstraints granting the collectord service account the broad
# host access it needs (host paths, host network/PID, /rootfs mounts for logs,
# proc and cgroup stats — see the ConfigMap inputs below).
# NOTE(review): this is intentionally close to the built-in `privileged` SCC;
# it is scoped to the single service account under `users` — do not reuse it
# for other workloads.
kind: SecurityContextConstraints
apiVersion: security.openshift.io/v1
metadata:
  name: collectorforopenshift
allowHostDirVolumePlugin: true
allowHostIPC: true
allowHostNetwork: true
allowHostPID: true
allowHostPorts: true
allowPrivilegeEscalation: true
allowPrivilegedContainer: true
readOnlyRootFilesystem: false
allowedCapabilities:
  - '*'
allowedUnsafeSysctls:
  - '*'
fsGroup:
  type: RunAsAny
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: RunAsAny
supplementalGroups:
  type: RunAsAny
seccompProfiles:
  - '*'
# Only the collectord service account may use this SCC.
users:
  - system:serviceaccount:collectorforopenshift:collectorforopenshift
volumes:
  - '*'
117---
# Service account the collectord workloads run under; referenced by the SCC
# and the ClusterRoleBinding in this file.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: collectorforopenshift
  name: collectorforopenshift
  namespace: collectorforopenshift
125---
# Cluster-wide, read-only (get/list/watch) role for collectord.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app: collectorforopenshift
  name: collectorforopenshift
rules:
  # Workload and metadata objects collectord traverses to annotate events,
  # across core (""), apps, batch, extensions, the collectord.io CRDs and
  # the OpenShift API groups.
  # NOTE(review): `secrets` access is presumably needed to resolve
  # SplunkOutput `tokenFromSecret` references — verify before removing.
  - apiGroups:
      - ""
      - apps
      - batch
      - extensions
      - collectord.io
      - apps.openshift.io
      - build.openshift.io
      - authorization.openshift.io
      - template.openshift.io
      - quota.openshift.io
    resources:
      - splunkoutputs
      - alertmanagers
      - cronjobs
      - daemonsets
      - deployments
      - endpoints
      - events
      - jobs
      - namespaces
      - nodes
      - nodes/metrics
      - nodes/proxy
      - pods
      - replicasets
      - replicationcontrollers
      - scheduledjobs
      - secrets
      - services
      - statefulsets
      - persistentvolumeclaims
      - configurations
      - resourcequotas
      - deploymentconfigs
      - clusterroles
      - clusterresourcequotas
    verbs:
      - get
      - list
      - watch
  # Allow GET on non-resource /metrics endpoints (Prometheus scraping).
  - nonResourceURLs:
      - /metrics
    verbs:
      - get
    apiGroups: []
    resources: []
180---
# Binds the read-only collectorforopenshift ClusterRole to the collectord
# service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app: collectorforopenshift
  name: collectorforopenshift
roleRef:
  kind: ClusterRole
  name: collectorforopenshift
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: collectorforopenshift
    namespace: collectorforopenshift
195---
196apiVersion: v1
197kind: ConfigMap
198metadata:
199 name: collectorforopenshift
200 namespace: collectorforopenshift
201 labels:
202 app: collectorforopenshift
203data:
204 001-general.conf: |
205 # The general configuration is used for all deployments
206 #
207 # Run collectord with the flag `-conf` and specify location of the configuration files.
208 #
209 # You can override all the values using environment variables with the format like
210 # COLLECTOR__<ANYNAME>=<section>__<key>=<value>
211 # As an example you can set `dataPath` in the `[general]` section as
212 # COLLECTOR__DATAPATH=general__dataPath=C:\\some\\path\\data.db
213 # This parameter can be configured using -env-override, set it to empty string to disable this feature
214
215 [general]
216
217 # Please review license https://www.outcoldsolutions.com/docs/license-agreement/
218 # and accept license by changing the value to *true*
219 acceptLicense = false
220
221 # Location for the database
222 # Collectord stores positions of the files and internal state
223 dataPath = ./data/
224
225 # log level (accepted values are trace, debug, info, warn, error, fatal)
226 logLevel = info
227
228 # http server gives access to two endpoints
229 # /healthz
230 # /metrics/json
231 # /metrics/prometheus
232 # httpServerBinding = 0.0.0.0:11888
233 httpServerBinding =
234
235 # log requests to the http server
236 httpServerLog = false
237
238 # telemetry report endpoint, set it to empty string to disable telemetry
239 telemetryEndpoint = https://license.outcold.solutions/telemetry/
240
241 # license check endpoint
242 licenseEndpoint = https://license.outcold.solutions/license/
243
244 # license server through proxy
245 # This configuration is used only for the Outcold Solutions License Server
246 # For license server running on-premises, use configuration under [license.client]
247 licenseServerProxyUrl =
248
249 # authentication with basic authorization (user:password)
250 # This configuration is used only for the Outcold Solutions License Server
251 # For license server running on-premises, use configuration under [license.client]
252 licenseServerProxyBasicAuth =
253
254 # license key
255 license =
256
257 # Environment variable $KUBERNETES_NODENAME is used by default to setup hostname
258 # Use value below to override specific name
259 hostname =
260
261 # Default output for events, logs and metrics
262 # valid values: splunk and devnull
263 # Use devnull by default if you don't want to redirect data
264 defaultOutput = splunk
265
266 # Default buffer size for file input
267 fileInputBufferSize = 256b
268
269 # Maximum size of one line the file reader can read
270 fileInputLineMaxSize = 1mb
271
    # Include custom fields to attach to every event; in the example below every event sent to Splunk will have
273 # indexed field my_environment=dev. Fields names should match to ^[a-z][_a-z0-9]*$
274 # Better way to configure that is to specify labels for OpenShift Nodes.
275 # ; fields.my_environment = dev
276 # Identify the cluster if you are planning to monitor multiple clusters
277 fields.openshift_cluster = -
278
279 # Include EC2 Metadata (see list of possible fields https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)
280 # Should be in format ec2Metadata.{desired_field_name} = {url path to read the value}
281 # ec2Metadata.ec2_instance_id = /latest/meta-data/instance-id
282 # ec2Metadata.ec2_instance_type = /latest/meta-data/instance-type
283
284 # subdomain for the annotations added to the pods, workloads, namespaces or containers, like splunk.collectord.io/..
285 annotationsSubdomain =
286
287 # configure global thruput per second for forwarded logs (metrics are not included)
288 # for example if you set `thruputPerSecond = 512Kb`, that will limit amount of logs forwarded
289 # from the single Collectord instance to 512Kb per second.
290 # You can configure thruput individually for the logs (including specific for container logs) below
291 thruputPerSecond =
292
293 # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
294 # older than 7 days
295 tooOldEvents =
296
297 # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
298 tooNewEvents =
299
300 # For input.files::X and application logs, when glob or match are configured, Collectord can automatically
301 # detect gzipped files and skip them (based on the extensions or magic numbers)
302 autoSkipGzipFiles = true
303
304 # Multi-output async publishing. When enabled (default), events routed to
305 # non-default outputs are published asynchronously so that a slow or down
306 # output does not block events destined for other outputs.
307 ; multioutput.async = true
308 # Buffer size for the async proxy (default 100). Absorbs transient bursts.
309 # When this buffer and the output's own queue are both full, events are
310 # dropped immediately without blocking the pipeline.
311 ; multioutput.asyncBufferSize = 100
312
313 [license.client]
314 # point to the license located on the HTTP web server, or a hosted by the Collectord running as license server
315 url =
316 # basic authentication for the HTTP server
317 basicAuth =
318 # if SSL, ignore the certificate verification
319 insecure = false
320 # CA Path for the Server certificate
321 capath =
    # CA Name for the Server certificate
323 caname =
324 # license server through proxy
325 proxyUrl =
326 # authentication with basic authorization (user:password)
327 proxyBasicAuth =
328
329 # forward internal collectord metrics
330 [input.collectord_metrics]
331
332 # disable collectord internal metrics
333 disabled = false
334
335 # override type
336 type = openshift_prometheus
337
338 # how often to collect internal metrics
339 interval = 1m
340
341 # set output (splunk or devnull, default is [general]defaultOutput)
342 output =
343
344 # specify Splunk index
345 index =
346
347 # whitelist or blacklist the metrics
348 whitelist.1 = ^file_input_open$
349 whitelist.2 = ^file_input_read_bytes$
350 whitelist.3 = ^openshift_handlers$
351 whitelist.4 = ^pipe$
352 whitelist.5 = ^pipelines_num$
353 whitelist.6 = ^splunk_post_bytes_sum.*$
354 whitelist.7 = ^splunk_post_events_count_sum.*$
355 whitelist.8 = ^splunk_post_failed_requests$
356 whitelist.9 = ^splunk_post_message_max_lag_seconds_bucket.*$
357 whitelist.10 = ^splunk_post_requests_seconds_sum.*$
358 whitelist.11 = ^splunk_post_retries_required_sum.*$
359
360
361 # connection to kubernetes api
362 [general.kubernetes]
363
364 # Override service URL for Kubernetes (default is ${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT})
365 serviceURL =
366
367 # Environment variable $KUBERNETES_NODENAME is used by default to setup nodeName
368 # Use it only when you need to override it
369 nodeName =
370
371 # Configuration to access the API server,
372 # see https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod
373 # for details
374 tokenPath = /var/run/secrets/kubernetes.io/serviceaccount/token
375 certPath = /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
376
377 # Default timeout for http responses. The streaming/watch requests depend on this timeout.
378 timeout = 30m
379
380 # How long to keep the cache for the recent calls to API server (to limit number of calls when collectord discovers new pods)
381 metadataTTL = 30s
382
383 # regex to find pods
384 podsCgroupFilter = ^/([^/\s]+/)*kubepods(\.slice)?/((kubepods-)?(burstable|besteffort)(\.slice)?/)?([^/]*)pod([0-9a-f]{32}|[0-9a-f\-_]{36})(\.slice)?$
385
386 # regex to find containers in the pods
387 containersCgroupFilter = ^/([^/\s]+/)*kubepods(\.slice)?/((kubepods-)?(burstable|besteffort)(\.slice)?/)?([^/]*)pod([0-9a-f]{32}|[0-9a-f\-_]{36})(\.slice)?/(docker-|crio-|cri-\w+-)?[0-9a-f]{64}(\.scope)?(\/.+)?$
388
389 # path to the kubelet root location (use it to discover application logs for emptyDir)
390 # the expected format is `pods/{pod-id}/volumes/kubernetes.io~empty-dir/{volume-name}/_data/`
391 volumesRootDir = /rootfs/var/lib/kubelet/
392
393 # You can attach annotations as a metadata, using the format
394 # includeAnnotations.{key} = {regexp}
395 # For example if you want to include all annotations that starts with `prometheus.io` or `example.com` you can include
396 # the following format:
397 # includeAnnotations.1 = ^prometheus\.io.*
398 # includeAnnotations.2 = ^example\.com.*
399
400 # You can exclude labels from metadata, using the format
401 # excludeLabels.{key} = {regexp}
402 # For example if you want to exclude all labels that starts with `prometheus.io` or `example.com` you can include
403 # the following format:
404 # excludeLabels.1 = ^prometheus\.io.*
405 # excludeLabels.2 = ^example\.com.*
406
407 # watch for changes (annotations) in the objects
408 watch.namespaces = v1/namespace
409 watch.deploymentconfigs = apps.openshift.io/v1/deploymentconfig
410 watch.configurations = collectord.io/v1/configuration
411
412 # Collectord can review the assigned ClusterRole and traverse metadata for the Pods only for the Owner objects
413 # that are defined in the ClusterRole, ignoring anything else, it does not have access to.
414 # This way Collectord does not generate 403 requests on API Server
415 clusterRole = collectorforopenshift
416
417 # Alternative of telling Collectord about the ClusterRole is to manually list the objects.
418 # You can define which objects Collectord should traverse when it sees Owners.
419 ; traverseOwnership.namespaces = v1/namespace
420
421 # Implementation of the watch protocol.
422 # 0 - use the default implementation (2)
423 # 1 - use the watch implementation that is optimized for the small number of objects (just issue one watch for all objects)
424 # 2 - use the watch implementation that is optimized for the large number of objects (paginate through the list of objects and issue watch for the last resource version)
425 watchImplementation = 2
426
427 # watch for pods annotations, setup prometheus collection
428 # for these pods
429 # Addon listens on Pod Network
430 # DaemonSets listen on Host Network
431 [input.prometheus_auto]
432
433 # disable prometheus auto discovery for pods
434 disabled = false
435
436 # override type
437 type = openshift_prometheus
438
439 # specify Splunk index
440 index =
441
442 # how often to collect prometheus metrics
443 interval = 60s
444
445 # request timeout
446 timeout = 60s
447
448 # include metrics help with the events
449 includeHelp = true
450
    # http client timeout
    # NOTE(review): disabled duplicate key — `timeout` is already set to 60s above
    # ("request timeout"); this second assignment would silently override it to 30s.
    ; timeout = 30s
453
454 # set output (splunk or devnull, default is [general]defaultOutput)
455 output =
456
457 # Include an Authorization header for the prometheus scrapper
458 # When configuring scrapping with collectord using annotations use prometheus.1-AuthorizationKey=key1
459 # authorization.key1 = Bearer FOO
460
461
462 # Splunk output
463 [output.splunk]
464
465 # Splunk HTTP Event Collector url
466 url =
    # You can specify multiple Splunk URLs with
468 #
469 # urls.0 = https://server1:8088/services/collector/event/1.0
470 # urls.1 = https://server1:8088/services/collector/event/1.0
471 # urls.2 = https://server1:8088/services/collector/event/1.0
472 #
473 # Limitations:
474 # * The urls cannot have different path.
475
476 # Specify how URL should be picked up (in case if multiple is used)
477 # urlSelection = random|round-robin|random-with-round-robin
478 # where:
479 # * random - choose random url on first selection and after each failure (connection or HTTP status code >= 500)
480 # * round-robin - choose url starting from first one and bump on each failure (connection or HTTP status code >= 500)
481 # * random-with-round-robin - choose random url on first selection and after that in round-robin on each
482 # failure (connection or HTTP status code >= 500)
483 urlSelection = random-with-round-robin
484
485 # Splunk HTTP Event Collector Token
486 token =
487
488 # Allow invalid SSL server certificate
489 insecure = false
490 # minTLSVersion = TLSv1.2
491 # maxTLSVersion = TLSv1.3
492
    # Path to CA certificate
494 caPath =
495
496 # CA Name to verify
497 caName =
498
499 # path for client certificate (if required)
500 clientCertPath =
501
502 # path for client key (if required)
503 clientKeyPath =
504
505 # Events are batched with the maximum size set by batchSize and staying in pipeline for not longer
506 # than set by frequency
507 frequency = 5s
508 batchSize = 768K
509 # limit by the number of events (0 value has no limit on the number of events)
510 events = 50
511
512 # Splunk through proxy
513 proxyUrl =
514
515 # authentication with basic authorization (user:password)
516 proxyBasicAuth =
517
518 # Splunk acknowledgement url (.../services/collector/ack)
519 ackUrl =
    # You can specify multiple Splunk URLs for ackUrl
521 #
522 # ackUrls.0 = https://server1:8088/services/collector/ack
523 # ackUrls.1 = https://server1:8088/services/collector/ack
524 # ackUrls.2 = https://server1:8088/services/collector/ack
525 #
    # Make sure that they are in the same order as urls for url, to make sure that this Splunk instance will be
527 # able to acknowledge the payload.
528 #
529 # Limitations:
530 # * The urls cannot have different path.
531
532 # Enable index acknowledgment
533 ackEnabled = false
534
535 # Index acknowledgment timeout
536 ackTimeout = 3m
537
538 # Timeout specifies a time limit for requests made by collectord.
539 # The timeout includes connection time, any
540 # redirects, and reading the response body.
541 timeout = 30s
542
    # in case when the pipeline can post to multiple indexes, we want to avoid the possibility of blocking
544 # all pipelines, because just some events have incorrect index
545 dedicatedClientPerIndex = true
546
547 # possible values: RedirectToDefault, Drop, Retry
548 incorrectIndexBehavior = RedirectToDefault
549
550 # gzip compression level (nocompression, default, 1...9)
551 compressionLevel = default
552
553 # number of dedicated splunk output threads (to increase throughput above 4k events per second)
554 threads = 2
555 # Default algorithm between threads is roundrobin, but you can change it to weighted
556 ; threadsAlgorithm = weighted
557
558 # if you want to exclude some preindexed fields from events
559 # excludeFields.openshift_pod_ip = true
560
561 # By default if there are no indexes defined on the message, Collectord sends the event without the index, and
562 # Splunk HTTP Event Collector going to use the default index for the Token. You can change that, and tell Collectord
563 # to ignore all events that don't have index defined explicitly
564 ; requireExplicitIndex = true
565
566 # You can define if you want to truncate messages that are larger than 1M in length (or define your own size, like 256K)
567 ; maximumMessageLength = 1M
568
569 # For messages generated from logs, include unique `event_id` in the event
570 ; includeEventID = false
571
572 # Dedicated queue size for the output, default is 1024, larger queue sizes will require more memory,
573 # but will allow to handle more events in case of network issues
574 queueSize = 1024
575
576 # How many digits after the decimal point to keep for timestamps (0-9)
577 # Defaults to 3 (milliseconds)
578 # Change to 6 for microseconds
579 # Change to 9 for nanoseconds
580 ; timestampPrecision = 3
581
582 002-daemonset.conf: |
583 # DaemonSet configuration is used for Nodes and Masters.
584
585 # connection to CRIO
586 [general.cri-o]
587
588 # url for CRIO API, only unix socket is supported
589 url = unix:///rootfs/var/run/crio/crio.sock
590
591 # Timeout for http responses to docker client. The streaming requests depend on this timeout.
592 timeout = 1m
593
594 # cgroup input
595 [input.system_stats]
596
597 # disable system level stats
598 disabled.host = false
599 disabled.cgroup = false
600
601 # cgroups fs location
602 pathCgroups = /rootfs/sys/fs/cgroup
603
604 # proc location
605 pathProc = /rootfs/proc
606
607 # how often to collect cgroup stats
608 statsInterval = 30s
609
610 # override type
611 type.host = openshift_stats_v2_host
612 type.cgroup = openshift_stats_v2_cgroup
613
614 # specify Splunk index
615 index.host =
616 index.cgroup =
617
618 # set output (splunk or devnull, default is [general]defaultOutput)
619 output.host =
620 output.cgroup =
621
622
623 # proc input
624 [input.proc_stats]
625
626 # disable proc level stats
627 disabled = false
628
629 # proc location
630 pathProc = /rootfs/proc
631
632 # how often to collect proc stats
633 statsInterval = 60s
634
635 # override type
636 type = openshift_proc_stats_v2
637
638 # specify Splunk index
639 index.host =
640 index.cgroup =
641
642 # proc filesystem includes by default system threads (there can be over 100 of them)
643 # these stats do not help with the observability
644 # excluding them can reduce the size of the index, performance of the searches and usage of the collector
645 includeSystemThreads = false
646
647 # set output (splunk or devnull, default is [general]defaultOutput)
648 output.host =
649 output.cgroup =
650
651 # Hide arguments for the processes, replacing with HIDDEN_ARGS(NUMBER)
652 hideArgs = false
653
654
655 # network stats
656 [input.net_stats]
657
658 # disable net stats
659 disabled = false
660
661 # proc path location
662 pathProc = /rootfs/proc
663
664 # how often to collect net stats
665 statsInterval = 30s
666
667 # override type
668 type = openshift_net_stats_v2
669
670 # specify Splunk index
671 index.host =
672 index.cgroup =
673
674 # set output (splunk or devnull, default is [general]defaultOutput)
675 output.host =
676 output.cgroup =
677
678
679 # network socket table
680 [input.net_socket_table]
681
682 # disable net stats
683 disabled = false
684
685 # proc path location
686 pathProc = /rootfs/proc
687
688 # how often to collect net stats
689 statsInterval = 30s
690
691 # override type
692 type = openshift_net_socket_table
693
694 # specify Splunk index
695 index.host =
696 index.cgroup =
697
698 # set output (splunk or devnull, default is [general]defaultOutput)
699 output.host =
700 output.cgroup =
701
702 # group connections by tcp_state, localAddr, remoteAddr (if localPort is not the port it is listening on)
    # that can significantly reduce the amount of events
704 group = true
705
706 # Collectord can watch for services, node, and pod IP addresses, and lookup the names
707 # for the IP addresses. Keeping this enabled can add a significant load on the API Server, with large number of pods.
708 disableLookup = false
709
710
711 # mount input (collects mount stats where kubelet runtime is stored)
712 [input.mount_stats]
713
714 # disable system level stats
715 disabled = false
716
717 # how often to collect mount stats
718 statsInterval = 30s
719
720 # override type
721 type = openshift_mount_stats
722
723 # specify Splunk index
724 index =
725
726 # set output (splunk or devnull, default is [general]defaultOutput)
727 output =
728
729
730 # diskstats input (collects /proc/diskstats)
731 [input.disk_stats]
732
733 # disable system level stats
734 disabled = false
735
736 # how often to collect mount stats
737 statsInterval = 30s
738
739 # override type
740 type = openshift_disk_stats
741
742 # specify Splunk index
743 index =
744
745 # set output (splunk or devnull, default is [general]defaultOutput)
746 output =
747
748
749 # Container Log files
750 [input.files]
751
752 # disable container logs monitoring
753 disabled = false
754
755 # root location of docker log files
756 # logs are expected in standard docker format like {containerID}/{containerID}-json.log
757 # rotated files
758 path = /rootfs/var/lib/docker/containers/
759 # root location of CRI-O files
760 # logs are expected in Kubernetes format, like {podID}/{containerName}/0.log
761 crioPath = /rootfs/var/log/pods/
762
763 # (obsolete) glob matching pattern for log files
764 # glob = */*-json.log*
765
766 # files are read using polling schema, when reach the EOF how often to check if files got updated
767 pollingInterval = 250ms
768
769 # how often to look for the new files under logs path
770 walkingInterval = 5s
771
772 # include verbose fields in events (file offset)
773 verboseFields = false
774
775 # override type
776 type = openshift_logs
777
778 # specify Splunk index
779 index =
780
781 # docker splits events when they are larger than 10-100k (depends on the docker version)
782 # we join them together by default and forward to Splunk as one event
783 joinPartialEvents = true
784
785 # In case if your containers report messages with terminal colors or other escape sequences
786 # you can enable strip for all the containers in one place.
787 # Better is to enable it only for required container with the label collectord.io/strip-terminal-escape-sequences=true
788 stripTerminalEscapeSequences = false
    # Regexp used for stripping terminal colors, it does not strip all the escape sequences
790 # Read http://man7.org/linux/man-pages/man4/console_codes.4.html for more information
791 stripTerminalEscapeSequencesRegex = (\x1b\[\d{1,3}(;\d{1,3})*m)|(\x07)|(\x1b]\d+(\s\d)?;[^\x07]+\x07)|(.*\x1b\[K)
792
793 # sample output (-1 does not sample, 20 - only 20% of the logs should be forwarded)
794 samplingPercent = -1
795
796 # sampling key for hash based sampling (should be regexp with the named match pattern `key`)
797 samplingKey =
798
799 # set output (splunk or devnull, default is [general]defaultOutput)
800 output =
801
    # configure default thruput per second for each container log
803 # for example if you set `thruputPerSecond = 128Kb`, that will limit amount of logs forwarded
804 # from the single container to 128Kb per second.
805 thruputPerSecond =
806
807 # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
808 # older than 7 days
809 tooOldEvents =
810
811 # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
812 tooNewEvents =
813
814
815 # Application Logs
816 [input.app_logs]
817
818 # disable container application logs monitoring
819 disabled = false
820
821 # root location of mounts (applies to hostPath mounts only), if the hostPath differs inside container from the path on host
822 root = /rootfs/
823
824 # how often to review list of available volumes
825 syncInterval = 5s
826
827 # glob matching pattern for log files
828 glob = *.log*
829
830 # files are read using polling schema, when reach the EOF how often to check if files got updated
831 pollingInterval = 250ms
832
833 # how often to look for the new files under logs path
834 walkingInterval = 5s
835
836 # include verbose fields in events (file offset)
837 verboseFields = false
838
839 # override type
840 type = openshift_logs
841
842 # specify Splunk index
843 index =
844
845 # we split files using new line character, with this configuration you can specify what defines the new event
846 # after new line
847 eventPatternRegex = ^[^\s]
848 # Maximum interval of messages in pipeline
849 eventPatternMaxInterval = 100ms
850 # Maximum time to wait for the messages in pipeline
851 eventPatternMaxWait = 1s
852 # Maximum message size
853 eventPatternMaxSize = 1MB
854
855 # sample output (-1 does not sample, 20 - only 20% of the logs should be forwarded)
856 samplingPercent = -1
857
858 # sampling key for hash based sampling (should be regexp with the named match pattern `key`)
859 samplingKey =
860
861 # set output (splunk or devnull, default is [general]defaultOutput)
862 output =
863
    # configure default thruput per second for each container log
865 # for example if you set `thruputPerSecond = 128Kb`, that will limit amount of logs forwarded
866 # from the single container to 128Kb per second.
867 thruputPerSecond =
868
869 # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
870 # older than 7 days
871 tooOldEvents =
872
873 # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
874 tooNewEvents =
875
876 # Configure how long Collectord should keep the file descriptors open for files, that has not been forwarded yet
877 # When using PVC, and if pipeline is lagging behind, Collectord holding open fd for files, can cause long termination
878 # of pods, as kubelet cannot unmount the PVC volume from the system
879 maxHoldAfterClose = 1800s
880
881
882 [input.journald]
883
884 # disable host level logs
885 disabled = false
886
887 # root location of log files
888 path.persistent = /rootfs/var/log/journal/
889 # only if required
890 # path.volatile = /rootfs/run/log/journal/
891
892 # when reach end of journald, how often to pull
893 pollingInterval = 250ms
894
895 # if you don't want to forward journald from the beginning,
896 # set the oldest event in relative value, like -14h or -30m or -30s (h/m/s supported)
897 startFromRel =
898
899 # override type
900 type = openshift_host_logs
901
902 # specify Splunk index
903 index =
904
905 # sample output (-1 does not sample, 20 - only 20% of the logs should be forwarded)
906 samplingPercent = -1
907
908 # sampling key (should be regexp with the named match pattern `key`)
909 samplingKey =
910
911 # how often to reopen the journald to free old files
912 reopenInterval = 1h
913
914 # set output (splunk or devnull, default is [general]defaultOutput)
915 output =
916
917 # configure default thruput per second for this files group
918 # for example if you set `thruputPerSecond = 128Kb`, that will limit amount of logs forwarded
919 # from the files in this group to 128Kb per second.
920 thruputPerSecond =
921
922 # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
923 # older than 7 days
924 tooOldEvents =
925
926 # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
927 tooNewEvents =
928
929 # by default every new event should start from not space symbol
930 eventPattern = ^[^\s]
931
932 # By default ignoring verbose hyperkube logs (all INFO messages)
933 blacklist.0 = ^I\d+.*$
934 # whitelist.0 = ^regexp$
935 # blacklist.1 = ^regexp$
936
937 # Move Journald logs reader to a separate process, to prevent process from crashing in case of corrupted log files
938 spawnExternalProcess = false
939
940 # Pipe to join events (container logs only)
941 [pipe.join]
942
943 # disable joining event
944 disabled = false
945
946 # Maximum interval of messages in pipeline
947 maxInterval = 100ms
948
949 # Maximum time to wait for the messages in pipeline
950 maxWait = 1s
951
952 # Maximum message size
953 maxSize = 1MB
954
955 # Default pattern to indicate new message (should start not from space)
956 patternRegex = ^[^\s]
957
    # (deprecated, use annotations for setting up join rules)
959 # Define special event join patterns for matched events
960 # Section consist of [pipe.join::<name>]
961 # [pipe.join::my_app]
962 ## Set match pattern for the fields
963 #; matchRegex.docker_container_image = my_app
964 #; matchRegex.stream = stdout
965 ## All events start from '[<digits>'
966 #; patternRegex = ^\[\d+
967
968 # You can configure global replace rules for the events, which can help to remove sensitive data
969 # from logs before they are sent to Splunk. Those rules will be applied to all pipelines for container logs, host logs,
970 # application logs and events.
971 # In the following example we replace password=TEST with password=********
972 ; [pipe.replace::name]
973 ; patternRegex = (password=)([^\s]+)
974 ; replace = $1********
975
976 # You can configure global hash rules for the events, which can help to hide sensitive data
977 # from logs before they are sent to outputs. Those rules will be applied to all pipelines for container logs, host logs,
978 # application logs and events.
979 # In the following example we hash IP addresses with fnv-1a-64
980 ; [pipe.hash::name]
    ; match = (\d{1,3}\.){3}\d{1,3}
982 ; function = fnv-1a-64
983
984
985 [input.prometheus::kubelet]
986
987 # disable prometheus kubelet metrics
988 disabled = false
989
990 # override type
991 type = openshift_prometheus
992
993 # specify Splunk index
994 index =
995
996 # Override host (environment variables are supported)
997 host = ${KUBERNETES_NODENAME}
998
999 # Override source
1000 source = kubelet
1001
1002 # how often to collect prometheus metrics
1003 interval = 60s
1004
1005 # request timeout
1006 timeout = 60s
1007
1008 # prometheus endpoint
1009 endpoint = https://127.0.0.1:10250/metrics
1010
1011 # token for "Authorization: Bearer $(cat tokenPath)"
1012 tokenPath = /var/run/secrets/kubernetes.io/serviceaccount/token
1013
1014 # server certificate for certificate validation
1015 certPath = /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
1016
1017 # client certificate for authentication
1018 clientCertPath =
1019
1020 # Allow invalid SSL server certificate
1021 insecure = true
1022
1023 # include metrics help with the events
1024 # can be useful to explore prometheus metrics
1025 includeHelp = false
1026
1027 # set output (splunk or devnull, default is [general]defaultOutput)
1028 output =
1029
1030 # filter only metrics used by dashboards
1031 whitelist.1 = ^(kubernetes|openshift)_build_info$
1032 whitelist.2 = ^kubelet_runtime_operations_duration_seconds_sum$
1033 whitelist.3 = ^kubelet_docker_operations_duration_seconds_sum$
1034 whitelist.4 = ^kubelet_network_plugin_operations_duration_seconds_sum$
1035 whitelist.5 = ^kubelet_cgroup_manager_duration_seconds_sum$
1036 whitelist.6 = ^storage_operation_duration_seconds_sum$
1037 whitelist.7 = ^kubelet_docker_operations_errors_total$
1038 whitelist.8 = ^kubelet_runtime_operations_errors_total$
1039 whitelist.9 = ^rest_client_requests_total$
1040 whitelist.10 = ^process_cpu_seconds_total$
1041 whitelist.11 = ^process_resident_memory_bytes$
1042 whitelist.12 = ^process_virtual_memory_bytes$
1043 whitelist.13 = ^kubelet_volume_stats_.+$
1044
1045 ; # Collectord reports if entropy is low (uncomment to use it)
1046 ; [diagnostics::node-entropy]
1047 ; settings.path = /rootfs/proc/sys/kernel/random/entropy_avail
1048 ; settings.interval = 1h
1049 ; settings.threshold = 800
1050
1051 # Collectord can report if node reboot is required (uncomment to use it)
1052 [diagnostics::node-reboot-required]
1053 settings.path = /rootfs/var/run/reboot-required*
1054 settings.interval = 1h
1055
1056 # See https://www.kernel.org/doc/Documentation/admin-guide/hw-vuln/index.rst
1057 # And https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-devices-system-cpu
1058 [diagnostics::cpu-vulnerabilities]
1059 settings.path = /rootfs/sys/devices/system/cpu/vulnerabilities/*
1060 settings.interval = 1h
1061
1062 003-daemonset-master.conf: |
1063 [input.prometheus::kubernetes-api]
1064
1065 # disable prometheus kubernetes-api input
1066 disabled = false
1067
1068 # override type
1069 type = openshift_prometheus
1070
1071 # specify Splunk index
1072 index =
1073
1074 # override host
1075 host = ${KUBERNETES_NODENAME}
1076
1077 # override source
1078 source = kubernetes-api
1079
1080 # how often to collect prometheus metrics
1081 interval = 60s
1082
1083 # request timeout
1084 timeout = 60s
1085
1086 # prometheus endpoint
1087 # at first trying to get it from localhost (that way avoiding load balancer, if multiple)
1088 # as fallback using proxy
1089 endpoint.1localhost = https://127.0.0.1:8443/metrics
1090 endpoint.2kubeapi = https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}/metrics
1091
1092 # token for "Authorization: Bearer $(cat tokenPath)"
1093 tokenPath = /var/run/secrets/kubernetes.io/serviceaccount/token
1094
1095 # server certificate for certificate validation
1096 certPath = /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
1097
1098 # client certificate for authentication
1099 clientCertPath =
1100
1101 # Allow invalid SSL server certificate
1102 insecure = true
1103
1104 # include metrics help with the events
1105 includeHelp = false
1106
1107 # set output (splunk or devnull, default is [general]defaultOutput)
1108 output =
1109
1110 # filter only metrics used by dashboards
1111 whitelist.1 = ^(kubernetes|openshift)_build_info$
1112 whitelist.2 = ^authenticated_user_requests$
1113 whitelist.3 = ^apiserver_request_total$
1114 whitelist.4 = ^process_cpu_seconds_total$
1115 whitelist.5 = ^process_resident_memory_bytes$
1116 whitelist.6 = ^process_virtual_memory_bytes$
1117
1118
1119 [input.prometheus::controller]
1120
1121 # disable prometheus controller metrics
1122 disabled = false
1123
1124 # override type
1125 type = openshift_prometheus
1126
1127 # specify Splunk index
1128 index =
1129
1130 # override host
1131 host = ${KUBERNETES_NODENAME}
1132
1133 # override source
1134 source = controller
1135
1136 # how often to collect prometheus metrics
1137 interval = 60s
1138
1139 # request timeout
1140 timeout = 60s
1141
1142 # prometheus endpoint
1143 endpoint.https1 = https://:10257/metrics
1144 endpoint.https2 = https://:8444/metrics
1145
1146 # token for "Authorization: Bearer $(cat tokenPath)"
1147 tokenPath = /var/run/secrets/kubernetes.io/serviceaccount/token
1148
1149 # server certificate for certificate validation
1150 certPath =
1151
1152 # client certificate for authentication
1153 clientCertPath =
1154 clientKeyPath =
1155
1156 # Allow invalid SSL server certificate
1157 insecure = true
1158
1159 # include metrics help with the events
1160 includeHelp = false
1161
1162 # set output (splunk or devnull, default is [general]defaultOutput)
1163 output =
1164
1165 # filter only metrics used by dashboards
1166 whitelist.1 = ^(kubernetes|openshift)_build_info$
1167 whitelist.2 = ^process_cpu_seconds_total$
1168 whitelist.3 = ^process_resident_memory_bytes$
1169 whitelist.4 = ^process_virtual_memory_bytes$
1170 whitelist.5 = ^node_collector_zone_size$
1171 whitelist.6 = ^node_collector_zone_health$
1172 whitelist.7 = ^node_collector_unhealthy_nodes_in_zone$
1173
1174 [input.prometheus::scheduler]
1175
1176 # disable prometheus scheduler metrics
1177 disabled = false
1178
1179 # override type
1180 type = openshift_prometheus
1181
1182 # specify Splunk index
1183 index =
1184
1185 # override host
1186 host = ${KUBERNETES_NODENAME}
1187
1188 # override source
1189 source = scheduler
1190
1191 # how often to collect prometheus metrics
1192 interval = 60s
1193
1194 # request timeout
1195 timeout = 60s
1196
1197 # prometheus endpoint
1198 endpoint.https1 = https://:10259/metrics
1199 endpoint.https2 = https://:8444/metrics
1200
1201 # token for "Authorization: Bearer $(cat tokenPath)"
1202 tokenPath = /var/run/secrets/kubernetes.io/serviceaccount/token
1203
1204 # server certificate for certificate validation
1205 certPath =
1206
1207 # client certificate for authentication
1208 clientCertPath =
1209 clientKeyPath =
1210
1211 # Allow invalid SSL server certificate
1212 insecure = true
1213
1214 # include metrics help with the events
1215 includeHelp = false
1216
1217 # set output (splunk or devnull, default is [general]defaultOutput)
1218 output =
1219
1220 # filter only metrics used by dashboards
1221 whitelist.1 = ^(kubernetes|openshift)_build_info$
1222 whitelist.2 = ^scheduler_e2e_scheduling_duration_seconds_sum$
1223 whitelist.3 = ^scheduler_binding_duration_seconds_sum$
1224 whitelist.4 = ^scheduler_scheduling_algorithm_duration_seconds_sum$
1225 whitelist.5 = ^process_cpu_seconds_total$
1226 whitelist.6 = ^process_resident_memory_bytes$
1227 whitelist.7 = ^process_virtual_memory_bytes$
1228
1229
1230 [input.prometheus::etcd]
1231
1232 # disable prometheus etcd metrics
1233 disabled = false
1234
1235 # override type
1236 type = openshift_prometheus
1237
1238 # specify Splunk index
1239 index =
1240
1241 # override host
1242 host = ${KUBERNETES_NODENAME}
1243
1244 # override source
1245 source = etcd
1246
    # how often to collect prometheus metrics
1248 interval = 60s
1249
1250 # prometheus endpoint
1251 endpoint.https1 = https://:9979/metrics
1252 endpoint.https2 = https://:9978/metrics
1253
1254 # token for "Authorization: Bearer $(cat tokenPath)"
1255 tokenPath =
1256
1257 # server certificate for certificate validation
1258 certPath = /rootfs/etc/kubernetes/static-pod-resources/etcd-certs/secrets/etcd-all-certs/etcd-serving-*.crt
1259
1260 # client certificate for authentication
1261 clientCertPath = /rootfs/etc/kubernetes/static-pod-resources/etcd-certs/secrets/etcd-all-certs/etcd-peer-*.crt
1262 clientKeyPath = /rootfs/etc/kubernetes/static-pod-resources/etcd-certs/secrets/etcd-all-certs/etcd-peer-*.key
1263
1264 # Allow invalid SSL server certificate
1265 insecure = true
1266
1267 # include metrics help with the events
1268 includeHelp = false
1269
1270 # set output (splunk or devnull, default is [general]defaultOutput)
1271 output =
1272
1273 whitelist.1 = ^etcd_server_leader_changes_seen_total$
1274 whitelist.2 = ^etcd_server_has_leader$
1275 whitelist.3 = ^etcd_server_proposals_committed_total$
1276 whitelist.4 = ^etcd_server_proposals_applied_total$
    # NOTE: duplicates whitelist.3 above; harmless, kept to preserve numbering
    whitelist.5 = ^etcd_server_proposals_committed_total$
1278 whitelist.6 = ^etcd_server_proposals_pending$
1279 whitelist.7 = ^etcd_server_proposals_failed_total$
1280 whitelist.8 = ^etcd_disk_wal_fsync_duration_seconds_sum$
1281 whitelist.9 = ^etcd_disk_wal_fsync_duration_seconds_count$
1282 whitelist.10 = ^etcd_disk_backend_commit_duration_seconds_sum$
1283 whitelist.11 = ^etcd_disk_backend_commit_duration_seconds_count$
1284 whitelist.12 = ^etcd_network_client_grpc_.*$
1285 whitelist.13 = ^grpc_server_handled_total$
1286 whitelist.14 = ^etcd_network_peer_round_trip_time_seconds_bucket$
1287 whitelist.15 = ^process_cpu_seconds_total$
1288 whitelist.16 = ^process_resident_memory_bytes$
1289 whitelist.17 = ^process_virtual_memory_bytes$
1290 whitelist.18 = ^process_open_fds$
1291 whitelist.19 = ^process_max_fds$
1292 whitelist.20 = ^etcd_disk_backend_commit_duration_seconds_bucket$
1293 whitelist.21 = ^etcd_disk_wal_fsync_duration_seconds_bucket$
1294
1295
1296 # Audit logs
1297 [input.files::audit-logs]
1298
1299 # disable host level logs
1300 disabled = false
1301
    # root location for audit logs
1303 path = /rootfs/var/log/kube-apiserver/
1304
1305 # glob matching files
1306 glob = audit*.log
1307
1308 # files are read using polling schema, when reach the EOF how often to check if files got updated
1309 pollingInterval = 250ms
1310
    # how often to look for the new files under logs path
1312 walkingInterval = 5s
1313
1314 # include verbose fields in events (file offset)
1315 verboseFields = false
1316
1317 # override type
1318 type = openshift_host_logs
1319
1320 # specify Splunk index
1321 index =
1322
1323 # field extraction
1324 extraction = (?P<message>.*"stageTimestamp":"(?P<timestamp>[^"]+)".*)
1325 extractionMessageField = message
1326
1327 # timestamp field
1328 timestampField = timestamp
1329
1330 # format for timestamp
1331 # the layout defines the format by showing how the reference time, defined to be `Mon Jan 2 15:04:05 -0700 MST 2006`
1332 timestampFormat = 2006-01-02T15:04:05.999999999Z07:00
1333
1334 # timestamp location (if not defined by format)
1335 timestampLocation =
1336
1337 # set output (splunk or devnull, default is [general]defaultOutput)
1338 output =
1339
1340 # configure default thruput per second for this files group
1341 # for example if you set `thruputPerSecond = 128Kb`, that will limit amount of logs forwarded
1342 # from the files in this group to 128Kb per second.
1343 thruputPerSecond =
1344
1345 # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
1346 # older than 7 days
1347 tooOldEvents =
1348
1349 # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
1350 tooNewEvents =
1351
1352 # Blacklisting and whitelisting the logs
1353 # whitelist.0 = ^regexp$
1354 # blacklist.0 = ^regexp$
1355
1356
1357 004-addon.conf: |
1358 [general]
1359 # addons can be run in parallel with agents
1360 addon = true
1361
1362
1363 [input.kubernetes_events]
1364
1365 # disable collecting kubernetes events
1366 disabled = false
1367
1368 # override type
1369 type = openshift_events
1370
1371 # specify Splunk index
1372 index =
1373
1374 # set output (splunk or devnull, default is [general]defaultOutput)
1375 output =
1376
1377 # exclude managed fields from the metadata
1378 excludeManagedFields = true
1379
1380
1381 [input.kubernetes_watch::pods]
1382
1383 # disable events
1384 disabled = false
1385
1386 # Set the timeout for how often watch request should refresh the whole list
1387 refresh = 10m
1388
1389 apiVersion = v1
1390 kind = Pod
1391 namespace =
1392
1393 # override type
1394 type = openshift_objects
1395
1396 # specify Splunk index
1397 index =
1398
1399 # set output (splunk or devnull, default is [general]defaultOutput)
1400 output =
1401
1402 # exclude managed fields from the metadata
1403 excludeManagedFields = true
1404
1405 # you can remove or hash some values in the events (after modifyValues you can define path in the JSON object,
1406 # and the value can be hash:{hashFunction}, or remove to remove the object )
1407 ; modifyValues.object.data.* = hash:sha256
1408 ; modifyValues.object.metadata.annotations.* = remove
1409
1410 # You can exclude events by namespace with blacklist or whitelist only required namespaces
1411 # blacklist.kubernetes_namespace = ^namespace0$
1412 # whitelist.kubernetes_namespace = ^((namespace1)|(namespace2))$
1413
1414 [input.kubernetes_watch::resourcequota]
1415 # disable events
1416 disabled = false
1417
1418 # Set the timeout for how often watch request should refresh the whole list
1419 refresh = 10m
1420
1421 apiVersion = v1
1422 kind = ResourceQuota
1423 namespace =
1424
1425 # override type
1426 type = openshift_objects
1427
1428 # specify Splunk index
1429 index =
1430
1431 # set output (splunk or devnull, default is [general]defaultOutput)
1432 output =
1433
1434 # exclude managed fields from the metadata
1435 excludeManagedFields = true
1436
1437
1438 [input.kubernetes_watch::clusterresourcequota]
1439 # disable events
1440 disabled = false
1441
1442 # Set the timeout for how often watch request should refresh the whole list
1443 refresh = 10m
1444
1445 apiVersion = quota.openshift.io/v1
1446 kind = ClusterResourceQuota
1447 namespace =
1448
1449 # override type
1450 type = openshift_objects
1451
1452 # specify Splunk index
1453 index =
1454
1455 # set output (splunk or devnull, default is [general]defaultOutput)
1456 output =
1457
1458 # exclude managed fields from the metadata
1459 excludeManagedFields = true
1460
1461
1462 [input.kubernetes_watch::nodes]
1463 # disable events
1464 disabled = false
1465
1466 # Set the timeout for how often watch request should refresh the whole list
1467 refresh = 10m
1468
1469 apiVersion = v1
1470 kind = Node
1471 namespace =
1472
1473 # override type
1474 type = openshift_objects
1475
1476 # specify Splunk index
1477 index =
1478
1479 # set output (splunk or devnull, default is [general]defaultOutput)
1480 output =
1481
1482 # exclude managed fields from the metadata
1483 excludeManagedFields = true
1484
1485---
# DaemonSet that runs collectord on every non-control-plane node.
# Mounts 001-general.conf and 002-daemonset.conf from the ConfigMap above.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: collectorforopenshift
  namespace: collectorforopenshift
  labels:
    app: collectorforopenshift
spec:
  # Default updateStrategy is OnDelete. For collectord RollingUpdate is suitable
  # When you update configuration
  updateStrategy:
    type: RollingUpdate

  selector:
    matchLabels:
      # NOTE(review): the master DaemonSet and the addon Deployment use this
      # same selector label. Each controller still owns only the pods it
      # created (via ownerReferences), but distinct labels per controller
      # would be cleaner — do not change in place: selectors are immutable
      # on update.
      daemon: collectorforopenshift

  template:
    metadata:
      name: collectorforopenshift
      labels:
        daemon: collectorforopenshift
    spec:
      priorityClassName: collectorforopenshift-critical
      # hostNetwork with ClusterFirstWithHostNet: the pod shares the node's
      # network namespace but can still resolve cluster-internal DNS names.
      dnsPolicy: ClusterFirstWithHostNet
      hostNetwork: true
      serviceAccountName: collectorforopenshift
      # We run this DaemonSet only for Non-Masters
      # NOTE(review): assumes nodes carry the node-role.kubernetes.io/control-plane
      # label; clusters that only label masters with node-role.kubernetes.io/master
      # would schedule this DaemonSet on masters too — confirm against the
      # target cluster version.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/control-plane
                    operator: DoesNotExist
      # Tolerate all taints so logs/metrics are still collected from
      # cordoned or tainted nodes.
      tolerations:
        - operator: "Exists"
          effect: "NoSchedule"
        - operator: "Exists"
          effect: "NoExecute"
      containers:
        - name: collectorforopenshift
          # Stick to specific version
          image: docker.io/outcoldsolutions/collectorforopenshift:26.04.1
          # Privileged root container — required to read host logs and
          # journald files under the /rootfs mount below.
          securityContext:
            privileged: true
            runAsUser: 0
          # Define your resources if you need. Defaults should be fine for most.
          resources:
            limits:
              cpu: 2000m
              memory: 512Mi
            requests:
              cpu: 500m
              memory: 256Mi
          env:
            # Node name is used as the event host (${KUBERNETES_NODENAME}
            # in the mounted conf files).
            - name: KUBERNETES_NODENAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          volumeMounts:
            # We store state in /data folder (file positions)
            - name: collectorforopenshift-state
              mountPath: /data
            # Configuration file deployed with ConfigMap
            - name: collectorforopenshift-config
              mountPath: /config/
              readOnly: true
            # Rootfs
            - name: rootfs
              mountPath: /rootfs/
              readOnly: false
              # Pick up mounts created on the host after the pod started.
              mountPropagation: HostToContainer
            # correct timezone
            - name: localtime
              mountPath: /etc/localtime
              readOnly: true
      volumes:
        # We store state directly on host, change this location, if
        # your persistent volume is somewhere else
        - name: collectorforopenshift-state
          hostPath:
            path: /var/lib/collectorforopenshift/data/
            type: DirectoryOrCreate
        # Location of rootfs
        - name: rootfs
          hostPath:
            path: /
        # correct timezone
        - name: localtime
          hostPath:
            path: /etc/localtime
        # configuration from ConfigMap
        - name: collectorforopenshift-config
          configMap:
            name: collectorforopenshift
            items:
              - key: 001-general.conf
                path: 001-general.conf
              - key: 002-daemonset.conf
                path: 002-daemonset.conf
1591---
# DaemonSet that runs collectord on control-plane nodes only. In addition to
# the node-level configuration it mounts 003-daemonset-master.conf
# (API server, controller, scheduler, etcd metrics and audit logs).
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: collectorforopenshift-master
  namespace: collectorforopenshift
  labels:
    app: collectorforopenshift
spec:
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      # NOTE(review): same selector label as the worker DaemonSet and the
      # addon Deployment; ownership is still disambiguated by
      # ownerReferences. Selectors are immutable — do not change in place.
      daemon: collectorforopenshift
  template:
    metadata:
      name: collectorforopenshift-master
      labels:
        daemon: collectorforopenshift
    spec:
      priorityClassName: collectorforopenshift-critical
      # hostNetwork with ClusterFirstWithHostNet: node network namespace,
      # cluster DNS still resolvable.
      dnsPolicy: ClusterFirstWithHostNet
      hostNetwork: true
      serviceAccountName: collectorforopenshift
      # Deploy only on master
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/control-plane
                    operator: Exists
      # Tolerate everything so control-plane taints do not block scheduling.
      tolerations:
        - operator: "Exists"
          effect: "NoSchedule"
        - operator: "Exists"
          effect: "NoExecute"
      containers:
        - name: collectorforopenshift
          image: docker.io/outcoldsolutions/collectorforopenshift:26.04.1
          # Privileged root container — required to read host logs and the
          # etcd certificates referenced under /rootfs in
          # 003-daemonset-master.conf.
          securityContext:
            privileged: true
            runAsUser: 0
          resources:
            limits:
              cpu: 2000m
              # Higher memory limit than the worker DaemonSet (1024Mi vs
              # 512Mi): control-plane nodes emit more metrics and logs.
              memory: 1024Mi
            requests:
              cpu: 500m
              memory: 256Mi
          env:
            # Node name is used as the event host (${KUBERNETES_NODENAME}
            # in the mounted conf files).
            - name: KUBERNETES_NODENAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          volumeMounts:
            # Collectord keeps its state (file positions) in /data.
            - name: collectorforopenshift-state
              mountPath: /data
            - name: collectorforopenshift-config
              mountPath: /config/
              readOnly: true
            # Rootfs
            - name: rootfs
              mountPath: /rootfs/
              readOnly: false
              # Pick up mounts created on the host after the pod started.
              mountPropagation: HostToContainer
            # correct timezone
            - name: localtime
              mountPath: /etc/localtime
              readOnly: true
      volumes:
        - name: collectorforopenshift-state
          hostPath:
            path: /var/lib/collectorforopenshift/data/
            type: DirectoryOrCreate
        - name: rootfs
          hostPath:
            path: /
        - name: localtime
          hostPath:
            path: /etc/localtime
        - name: collectorforopenshift-config
          configMap:
            name: collectorforopenshift
            items:
              - key: 001-general.conf
                path: 001-general.conf
              - key: 002-daemonset.conf
                path: 002-daemonset.conf
              - key: 003-daemonset-master.conf
                path: 003-daemonset-master.conf
1685---
# Deployment (single replica) that runs the collectord cluster-level "addon":
# kubernetes events and object watches (004-addon.conf).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: collectorforopenshift-addon
  namespace: collectorforopenshift
  labels:
    app: collectorforopenshift
spec:
  # Only one addon instance should watch the cluster at a time.
  replicas: 1
  selector:
    matchLabels:
      # NOTE(review): same selector label as both DaemonSets; ownership is
      # disambiguated by ownerReferences. Selectors are immutable — do not
      # change in place.
      daemon: collectorforopenshift
  template:
    metadata:
      name: collectorforopenshift-addon
      labels:
        daemon: collectorforopenshift
    spec:
      priorityClassName: collectorforopenshift-critical
      serviceAccountName: collectorforopenshift
      containers:
        - name: collectorforopenshift
          image: docker.io/outcoldsolutions/collectorforopenshift:26.04.1
          securityContext:
            # NOTE(review): privileged root appears to be needed to write the
            # hostPath state volume below under SELinux — confirm before
            # tightening.
            privileged: true
            runAsUser: 0
          resources:
            limits:
              cpu: 1000m
              memory: 512Mi
            requests:
              cpu: 200m
              memory: 64Mi
          env:
            - name: KUBERNETES_NODENAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          volumeMounts:
            # Collectord keeps its state in /data.
            - name: collectorforopenshift-state
              mountPath: /data
            - name: collectorforopenshift-config
              mountPath: /config/
              readOnly: true
      volumes:
        - name: collectorforopenshift-state
          hostPath:
            path: /var/lib/collectorforopenshift/data/
            # Was `Directory`, which makes the kubelet refuse the mount (pod
            # stuck in ContainerCreating) when the addon is scheduled to a
            # node where this path does not exist yet. DirectoryOrCreate
            # matches the two DaemonSets above and creates it on demand.
            type: DirectoryOrCreate
        - name: collectorforopenshift-config
          configMap:
            name: collectorforopenshift
            items:
              - key: 001-general.conf
                path: 001-general.conf
              - key: 004-addon.conf
                path: 004-addon.conf