Collectord configuration
Download
Link
collectorforkubernetes-syslog.yaml
CURL
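# --fail makes curl exit non-zero on an HTTP error instead of saving the
# error page under the manifest's file name.
# Read the downloaded manifest before applying it: it defines cluster-wide
# RBAC and privileged, host-mounted pods.
curl --fail -O https://www.outcoldsolutions.com/docs/syslog-kubernetes/collectorforkubernetes-syslog.yaml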
WGET
# Fetch the manifest into the current directory (same file as the curl variant).
wget 'https://www.outcoldsolutions.com/docs/syslog-kubernetes/collectorforkubernetes-syslog.yaml'
collectorforkubernetes-syslog.yaml
---
# Dedicated namespace; the ServiceAccount, ConfigMap and all three workloads
# in this manifest are created inside it.
apiVersion: v1
kind: Namespace
metadata:
  name: collectorforkubernetes-syslog
  labels:
    app: collectorforkubernetes-syslog
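---
# Cluster-scoped "Configuration" custom resource (group collectord.io); the
# collector watches it via watch.configurations in 001-general.conf.
#
# apiextensions.k8s.io/v1beta1 is no longer served as of Kubernetes 1.22, so
# the definition uses apiextensions.k8s.io/v1. That API requires a schema for
# every version; the permissive schema below keeps all fields unpruned, which
# matches how the v1beta1 definition (no schema) behaved.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: configurations.collectord.io
spec:
  group: collectord.io
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          x-kubernetes-preserve-unknown-fields: true
  scope: Cluster
  names:
    plural: configurations
    singular: configuration
    kind: Configuration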
---
# Identity used by both DaemonSets and the addon Deployment
# (serviceAccountName in each pod spec). Its API permissions come from the
# ClusterRole of the same name through the ClusterRoleBinding in this manifest.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: collectorforkubernetes-syslog
  namespace: collectorforkubernetes-syslog
  labels:
    app: collectorforkubernetes-syslog
---
# Priority class referenced by priorityClassName in every workload below.
# 1000000000 is the highest value a user-defined class may carry, so the
# scheduler may preempt lower-priority pods to place the collector.
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
  name: collectorforkubernetes-syslog-critical
value: 1000000000
---
# Cluster-wide permissions for the collectorforkubernetes-syslog ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: collectorforkubernetes-syslog
  labels:
    app: collectorforkubernetes-syslog
rules:
  # Lets the pods run under the PodSecurityPolicy named "privileged".
  # PodSecurityPolicy was removed in Kubernetes 1.25; on such clusters this
  # rule grants nothing.
  - apiGroups:
      - extensions
    resources:
      - podsecuritypolicies
    verbs:
      - use
    resourceNames:
      - privileged
  # Read access to every resource in every API group. That includes Secrets
  # in all namespaces, so the ServiceAccount token is as sensitive as the
  # most sensitive Secret in the cluster.
  # NOTE(review): the configuration in this manifest only names namespaces,
  # deployments, collectord.io configurations and Kubernetes events; confirm
  # the full list the collector needs before narrowing this rule.
  - apiGroups:
      - '*'
    resources:
      - '*'
    verbs:
      - get
      - list
      - watch
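---
# Binds the ClusterRole above to the collector's ServiceAccount.
# A ClusterRoleBinding is cluster-scoped, so it carries no metadata.namespace;
# the namespace that matters is the one on the subject.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: collectorforkubernetes-syslog
  labels:
    app: collectorforkubernetes-syslog
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: collectorforkubernetes-syslog
subjects:
  - kind: ServiceAccount
    name: collectorforkubernetes-syslog
    namespace: collectorforkubernetes-syslog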
---
# Collectord configuration files. Each workload mounts a subset of these keys
# read-only at /config/ (see the configMap volumes in the pod specs).
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app: collectorforkubernetes-syslog
  name: collectorforkubernetes-syslog
  namespace: collectorforkubernetes-syslog
data:
  # Shared by all workloads. Before deploying: set acceptLicense, the license
  # key and the [output.syslog] address.
  # - license and licenseServerProxyBasicAuth (user:password) are credentials,
  #   and a ConfigMap is readable by anyone who can read ConfigMaps in this
  #   namespace. The file header documents COLLECTOR__... environment
  #   overrides; those can be fed from a Secret (env valueFrom.secretKeyRef)
  #   instead of writing the values here.
  # - telemetryEndpoint is set by default; per its comment, an empty value
  #   disables telemetry.
  # - [output.syslog] only selects tcp or udp here. NOTE(review): nothing in
  #   this file enables transport encryption, and the forwarded data includes
  #   container, application and host logs; confirm how the path to the
  #   syslog destination is protected.
  001-general.conf: |
    # The general configuration is used for all deployments
    #
    # Run collectord with the flag -conf and specify location of the configuration files.
    #
    # You can override all the values using environment variables with the format like
    # COLLECTOR__<ANYNAME>=<section>__<key>=<value>
    # As an example you can set dataPath in [general] section as
    # COLLECTOR__DATAPATH=general__dataPath=C:\\some\\path\\data.db
    # This parameter can be configured using -env-override, set it to empty string to disable this feature

    [general]

    # Review License https://www.outcoldsolutions.com/docs/license-agreement/
    # and accept License by changing the value to *true*
    acceptLicense = false

    # Location for the database
    # Collectord stores positions of the files and internal state
    dataPath = ./data/

    # log level (accepted values are trace, debug, info, warn, error, fatal)
    logLevel = info

    # http server gives access to two endpoints
    # /healthz
    # /metrics
    httpServerBinding =

    # telemetry report endpoint, set it to empty string to disable telemetry
    telemetryEndpoint = https://license.outcold.solutions/telemetry/

    # license check endpoint
    licenseEndpoint = https://license.outcold.solutions/license/

    # license server through proxy
    licenseServerProxyUrl =

    # authentication with basic authorization (user:password)
    licenseServerProxyBasicAuth =

    # license key
    license =

    # Environment variable $KUBERNETES_NODENAME is used by default to setup hostname
    # Use value below to override specific name
    hostname =

    # Default output for events, logs and metrics
    # valid values: syslog and devnull
    # Use devnull by default if you don't want to redirect data
    defaultOutput = syslog

    # Default buffer size for file input
    fileInputBufferSize = 256b

    # Maximum size of one line the file reader can read
    fileInputLineMaxSize = 1mb

    # Include custom fields to attach to every event, in example below every event sent to Syslog will have
    # indexed field my_environment=dev. Fields names should match to ^[a-z][_a-z0-9]*$
    # Better way to configure that is to specify labels for Kubernetes Nodes.
    # ; fields.my_environment = dev
    # Identify the cluster if you are planning to monitor multiple clusters
    fields.cluster = -

    # Include EC2 Metadata (see list of possible fields https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)
    # Should be in format ec2Metadata.{desired_field_name} = {url path to read the value}
    # ec2Metadata.ec2_instance_id = /latest/meta-data/instance-id
    # ec2Metadata.ec2_instance_type = /latest/meta-data/instance-type

    # subdomain for the annotations added to the pods, workloads, namespaces or containers, like syslog.collectord.io/..
    annotationsSubdomain = syslog

    # Configure acknowledgement database.
    # - force fsync on every write to Write-Ahead-Log
    db.fsync = false
    # - maximum size of the Write-Ahead-Log
    db.compactAt = 1M

    # configure global thruput per second for forwarded logs (metrics are not included)
    # for example if you set `thruputPerSecond = 512Kb`, that will limit amount of logs forwarded
    # from the single Collectord instance to 512Kb per second.
    # You can configure thruput individually for the logs (including specific for container logs) below
    thruputPerSecond =

    # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
    # older than 7 days
    tooOldEvents =

    # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
    tooNewEvents =

    # connection to kubernetes api
    [general.kubernetes]

    # Environment variable $KUBERNETES_NODENAME is used by default to setup nodeName
    # Use it only when you need to override it
    nodeName =

    # Configuration to access the API server,
    # see https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod
    # for details
    tokenPath = /var/run/secrets/kubernetes.io/serviceaccount/token
    certPath = /var/run/secrets/kubernetes.io/serviceaccount/ca.crt

    # Default timeout for http responses. The streaming/watch requests depend on this timeout.
    timeout = 30m

    # (obsolete) In case if pod metadata was not retrievied. how often collectord should retry to reload the pod metadata
    # metadataFetchRetry = 5s

    # (obsolete) In case if event is recent, how long pipeline should wait for the metadata to be available in Kubernetes API
    # metadataFetchWait = 30s

    # How long to keep the cache for the recent calls to API server (to limit number of calls when collectord discovers new pods)
    metadataTTL = 30s

    # regex to find pods
    podsCgroupFilter = ^/([^/\s]+/)*kubepods(\.slice)?/((kubepods-)?(burstable|besteffort)(\.slice)?/)?([^/]*)pod([0-9a-f]{32}|[0-9a-f\-_]{36})(\.slice)?$

    # regex to find containers in the pods
    containersCgroupFilter = ^/([^/\s]+/)*kubepods(\.slice)?/((kubepods-)?(burstable|besteffort)(\.slice)?/)?([^/]*)pod([0-9a-f]{32}|[0-9a-f\-_]{36})(\.slice)?/(docker-|crio-)?[0-9a-f]{64}(\.scope)?(\/.+)?$

    # path to the kubelet root location (use it to discover application logs for emptyDir)
    # the expected format is `pods/{pod-id}/volumes/kubernetes.io~empty-dir/{volume-name}/_data/`
    volumesRootDir = /rootfs/var/lib/kubelet/

    # You can attach annotations as a metadata, using the format
    # includeAnnotations.{key} = {regexp}
    # For example if you want to include all annotations that starts with `prometheus.io` or `example.com` you can include
    # the following format:
    # includeAnnotations.1 = ^prometheus\.io.*
    # includeAnnotations.2 = ^example\.com.*

    # watch for changes (annotations) in the objects
    watch.namespaces = v1/namespace
    watch.deployments = apps/v1/deployment
    watch.configurations = apis/v1/collectord.io/configuration


    # Syslog output
    [output.syslog]

    # tcp or udp
    network = tcp
    # syslog destination
    address =

  # Node-level inputs, used by both DaemonSets. Every path below is a host
  # path seen through the /rootfs/... mounts of the DaemonSet pods: container
  # runtime sockets, container logs, /var/log and the journald directories.
  002-daemonset.conf: |
    # DaemonSet configuration is used for Nodes and Masters.

    # Connection to the docker host
    [general.docker]

    # url for docker API, only unix socket is supported
    url = unix:///rootfs/var/run/docker.sock

    # path to docker root folder (can fallback to use folder structure to read docker metadata)
    dockerRootFolder = /rootfs/var/lib/docker/

    # (obsolete) In case if pod metadata was not retrievied. how often collectord should retry to reload the pod metadata
    # metadataFetchRetry = 5s

    # (obsolete) In case if event is recent, how long pipeline should wait for the metadata to be available in Kubernetes API
    # metadataFetchWait = 30s

    # (obsolete) In case if collectord does not see new events for specific container and with the last metadata refresh
    # We have not found this container - fow how long we should keep this metadata in cache.
    # metadataTTL = 5s

    # Timeout for http responses to docker client. The streaming requests depend on this timeout.
    timeout = 1m

    # in case of Kubernetes/OpenShift if you schedule some containers with Docker, but not with the Kubernetes
    # that allows us to find them (by default finding all containers with name not starting with k8s_)
    containersNameFilter = ^(([^k])|(k[^8])|(k8[^s])|(k8s[^_])).*$

    # regex to find docker container cgroups (helps excluding other cgroups with matched ID)
    containersCgroupFilter = ^(/([^/\s]+/)*(docker-|docker/)[0-9a-f]{64}(\.scope)?)$


    // connection to CRIO
    [general.cri-o]

    # url for CRIO API, only unix socket is supported
    url = unix:///rootfs/var/run/crio/crio.sock

    # Timeout for http responses to docker client. The streaming requests depend on this timeout.
    timeout = 1m


    [general.containerd]

    runtimePath = /rootfs/var/run/containerd
    namespace = k8s.io


    # Container Log files
    [input.files]

    # disable container logs monitoring
    disabled = false

    # root location of docker log files
    # logs are expected in standard docker format like {containerID}/{containerID}-json.log
    # rotated files
    path = /rootfs/var/lib/docker/containers/
    # root location of CRI-O files
    # logs are expected in Kubernetes format, like {podID}/{containerName}/0.log
    crioPath = /rootfs/var/log/pods/

    # (obsolete) glob matching pattern for log files
    # glob = */*-json.log*

    # files are read using polling schema, when reach the EOF how often to check if files got updated
    pollingInterval = 250ms

    # how often to look for the new files under logs path
    walkingInterval = 5s

    # include verbose fields in events (file offset)
    verboseFields = false

    # docker splits events when they are larger than 10-100k (depends on the docker version)
    # we join them together by default and forward to Syslog as one event
    joinPartialEvents = true

    # In case if your containers report messages with terminal colors or other escape sequences
    # you can enable strip for all the containers in one place.
    # Better is to enable it only for required container with the label collectord.io/strip-terminal-escape-sequences=true
    stripTerminalEscapeSequences = false
    # Regexp used for stripping terminal colors, it does not stip all the escape sequences
    # Read http://man7.org/linux/man-pages/man4/console_codes.4.html for more information
    stripTerminalEscapeSequencesRegex = (\x1b\[\d{1,3}(;\d{1,3})*m)|(\x07)|(\x1b]\d+(\s\d)?;[^\x07]+\x07)|(.*\x1b\[K)

    # set output (syslog or devnull, default is [general]defaultOutput)
    output =

    # configure default thruput per second for for each container log
    # for example if you set `thruputPerSecond = 128Kb`, that will limit amount of logs forwarded
    # from the single container to 128Kb per second.
    thruputPerSecond =

    # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
    # older than 7 days
    tooOldEvents =

    # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
    tooNewEvents =

    # Syslog format
    type = k8s_logs
    syslog.format = {type}|{timestamp::format(2006-01-02T15:04:05.999999999Z07:00)}|{cluster}|{host}|{namespace}|{pod_id}|{pod_name}|{container_name}|{stream}|{message}


    # Application Logs
    [input.app_logs]

    # disable container application logs monitoring
    disabled = false

    # root location of mounts (applies to hostPath mounts only), if the hostPath differs inside container from the path on host
    root = /rootfs/

    # how often to review list of available volumes
    syncInterval = 5s

    # glob matching pattern for log files
    glob = *.log*

    # files are read using polling schema, when reach the EOF how often to check if files got updated
    pollingInterval = 250ms

    # how often to look for the new files under logs path
    walkingInterval = 5s

    # include verbose fields in events (file offset)
    verboseFields = false

    # we split files using new line character, with this configuration you can specify what defines the new event
    # after new line
    eventPatternRegex = ^[^\s]
    # Maximum interval of messages in pipeline
    eventPatternMaxInterval = 100ms
    # Maximum time to wait for the messages in pipeline
    eventPatternMaxWait = 1s
    # Maximum message size
    eventPatternMaxSize = 1MB

    # set output (syslog or devnull, default is [general]defaultOutput)
    output =

    # configure default thruput per second for for each container log
    # for example if you set `thruputPerSecond = 128Kb`, that will limit amount of logs forwarded
    # from the single container to 128Kb per second.
    thruputPerSecond =

    # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
    # older than 7 days
    tooOldEvents =

    # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
    tooNewEvents =

    # syslog format
    type = k8s_logs
    syslog.format = {type}|{timestamp::format(2006-01-02T15:04:05.999999999Z07:00)}|{cluster}|{host}|{namespace}|{pod_id}|{pod_name}|{container_name}|{file_name}|{message}


    # Host logs. Input syslog(.\d+)? files
    [input.files::syslog]

    # disable host level logs
    disabled = false

    # root location of docker files
    path = /rootfs/var/log/

    # regex matching pattern
    match = ^(syslog|messages)(.\d+)?$

    # limit search only on one level
    recursive = false

    # files are read using polling schema, when reach the EOF how often to check if files got updated
    pollingInterval = 250ms

    # how often o look for the new files under logs path
    walkingInterval = 5s

    # include verbose fields in events (file offset)
    verboseFields = false

    # field extraction
    extraction = ^(?P<timestamp>[A-Za-z]+\s+\d+\s\d+:\d+:\d+)\s(?P<syslog_hostname>[^\s]+)\s(?P<syslog_component>[^:\[]+)(\[(?P<syslog_pid>\d+)\])?: (.+)$
    # extractionMessageField =

    # timestamp field
    timestampField = timestamp

    # format for timestamp
    # the layout defines the format by showing how the reference time, defined to be `Mon Jan 2 15:04:05 -0700 MST 2006`
    timestampFormat = Jan 2 15:04:05

    # Adjust date, if month/day aren't set in format
    timestampSetMonth = false
    timestampSetDay = false

    # timestamp location (if not defined by format)
    timestampLocation = Local

    # sample output (-1 does not sample, 20 - only 20% of the logs should be forwarded)
    samplingPercent = -1

    # sampling key for hash based sampling (should be regexp with the named match pattern `key`)
    samplingKey =

    # set output (syslog or devnull, default is [general]defaultOutput)
    output =

    # configure default thruput per second for this files group
    # for example if you set `thruputPerSecond = 128Kb`, that will limit amount of logs forwarded
    # from the files in this group to 128Kb per second.
    thruputPerSecond =

    # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
    # older than 7 days
    tooOldEvents =

    # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
    tooNewEvents =

    # syslog format
    type = k8s_host_logs
    syslog.format = {type}|{timestamp::format(2006-01-02T15:04:05.999999999Z07:00)}|{cluster}|{host}|{file_name}|{message}


    # Host logs. Input all *.log(.\d+)? files
    [input.files::logs]

    # disable host level logs
    disabled = false

    # root location of log files
    path = /rootfs/var/log/

    # regex matching pattern
    match = ^(([\w\-.]+\.log(.[\d\-]+)?)|(docker))$

    # files are read using polling schema, when reach the EOF how often to check if files got updated
    pollingInterval = 250ms

    # how often o look for the new files under logs path
    walkingInterval = 5s

    # include verbose fields in events (file offset)
    verboseFields = false

    # field extraction
    extraction =
    # extractionMessageField =

    # timestamp field
    timestampField =

    # format for timestamp
    # the layout defines the format by showing how the reference time, defined to be `Mon Jan 2 15:04:05 -0700 MST 2006`
    timestampFormat =

    # timestamp location (if not defined by format)
    timestampLocation =

    # sample output (-1 does not sample, 20 - only 20% of the logs should be forwarded)
    samplingPercent = -1

    # sampling key for hash based sampling (should be regexp with the named match pattern `key`)
    samplingKey =

    # set output (syslog or devnull, default is [general]defaultOutput)
    output =

    # configure default thruput per second for this files group
    # for example if you set `thruputPerSecond = 128Kb`, that will limit amount of logs forwarded
    # from the files in this group to 128Kb per second.
    thruputPerSecond =

    # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
    # older than 7 days
    tooOldEvents =

    # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
    tooNewEvents =

    # syslog format
    type = k8s_host_logs
    syslog.format = {type}|{timestamp::format(2006-01-02T15:04:05.999999999Z07:00)}|{cluster}|{host}|{file_name}|{message}


    [input.journald]

    # disable host level logs
    disabled = false

    # root location of log files
    path.persistent = /rootfs/var/log/journal/
    path.volatile = /rootfs/run/log/journal/

    # when reach end of journald, how often to pull
    pollingInterval = 250ms

    # if you don't want to forward journald from the beginning,
    # set the oldest event in relative value, like -14h or -30m or -30s (h/m/s supported)
    startFromRel =

    # sample output (-1 does not sample, 20 - only 20% of the logs should be forwarded)
    samplingPercent = -1

    # sampling key (should be regexp with the named match pattern `key`)
    samplingKey =

    # how often to reopen the journald to free old files
    reopenInterval = 1h

    # set output (syslog or devnull, default is [general]defaultOutput)
    output =

    # configure default thruput per second for this files group
    # for example if you set `thruputPerSecond = 128Kb`, that will limit amount of logs forwarded
    # from the files in this group to 128Kb per second.
    thruputPerSecond =

    # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
    # older than 7 days
    tooOldEvents =

    # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
    tooNewEvents =

    # syslog format
    type = k8s_host_logs
    syslog.format = {type}|{timestamp::format(2006-01-02T15:04:05.999999999Z07:00)}|{cluster}|{host}|journald|{message}


    # Pipe to join events (container logs only)
    [pipe.join]

    # disable joining event
    disabled = false

    # Maximum interval of messages in pipeline
    maxInterval = 100ms

    # Maximum time to wait for the messages in pipeline
    maxWait = 1s

    # Maximum message size
    maxSize = 1MB

    # Default pattern to indicate new message (should start not from space)
    patternRegex = ^[^\s]

  # Mounted only by the -master DaemonSet; empty in this manifest.
  003-daemonset-master.conf: |

  # Mounted only by the addon Deployment: forwards Kubernetes events.
  004-addon.conf: |
    [general]

    # addons can be run in parallel with agents
    addon = true

    [input.kubernetes_events]

    # disable events
    disabled = false

    # (obsolete, depends on kubernetes timeout)
    # Set the timeout for how long request to watch events going to hang reading.
    # eventsWatchTimeout = 30m

    # (obsolete, depends on kubernetes timeout)
    # Ignore events last seen later that this duration.
    # eventsTTL = 12h

    # set output (syslog or devnull, default is [general]defaultOutput)
    output =

    # syslog format
    type = k8s_events
    syslog.format = {type}|{timestamp::format(2006-01-02T15:04:05.999999999Z07:00)}|{cluster}|{message}
---
# Node agent: one collector pod per node that does not carry the
# node-role.kubernetes.io/master label.
#
# Security posture of this pod, as written: root user, privileged container,
# host network, host /proc, /sys/fs/cgroup, /var/log, /var/lib/docker,
# /var/lib/kubelet and the container runtime sockets. Treat it as having full
# control of the node it runs on, and restrict who may edit this DaemonSet,
# its ConfigMap and its image accordingly.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: collectorforkubernetes-syslog
  name: collectorforkubernetes-syslog
  namespace: collectorforkubernetes-syslog
spec:
  # apps/v1 DaemonSets already default to RollingUpdate; kept explicit so
  # configuration changes roll out pod by pod.
  updateStrategy:
    type: RollingUpdate
  # NOTE(review): the -master DaemonSet and the addon Deployment use this same
  # selector and pod label; spec.selector is immutable, so changing it means
  # recreating the workload.
  selector:
    matchLabels:
      daemon: collectorforkubernetes-syslog
  template:
    metadata:
      labels:
        daemon: collectorforkubernetes-syslog
      name: collectorforkubernetes-syslog
    spec:
      priorityClassName: collectorforkubernetes-syslog-critical
      dnsPolicy: ClusterFirstWithHostNet
      # The pod shares the node's network namespace.
      hostNetwork: true
      serviceAccountName: collectorforkubernetes-syslog
      # Schedule only on nodes without the master role label.
      # NOTE(review): clusters that label control-plane nodes only with
      # node-role.kubernetes.io/control-plane will match this rule on every
      # node; check which label your distribution uses.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/master
                    operator: DoesNotExist
      # Tolerate every NoSchedule and NoExecute taint, so tainted nodes are
      # covered too.
      tolerations:
        - operator: Exists
          effect: NoSchedule
        - operator: Exists
          effect: NoExecute
      containers:
        - name: collectorforkubernetes-syslog
          # Collectord version.
          # NOTE(review): a tag combined with imagePullPolicy: Always means
          # each pod start runs whatever the tag resolves to at that moment.
          # For a privileged image, pinning by digest
          # (...collectorforkubernetes@sha256:<digest-placeholder>) makes the
          # deployed content immutable.
          image: docker.io/outcoldsolutions/collectorforkubernetes:25.10.3
          imagePullPolicy: Always
          securityContext:
            runAsUser: 0
            privileged: true
          # Define your resources if you need. Defaults should be fine for most.
          # You can lower or increase based on your hosts.
          resources:
            limits:
              cpu: 2
              memory: 512Mi
            requests:
              cpu: 200m
              memory: 192Mi
          env:
            # Node name and pod name via the downward API.
            - name: KUBERNETES_NODENAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          volumeMounts:
            # State (file positions) lives in /data; the only writable mount.
            - name: collectorforkubernetes-syslog-state
              mountPath: /data
            # Configuration files from the ConfigMap
            - name: collectorforkubernetes-syslog-config
              mountPath: /config/
              readOnly: true
            # Cgroup filesystem to get metrics
            - name: cgroup
              mountPath: /rootfs/sys/fs/cgroup
              readOnly: true
            # Proc filesystem to get metrics
            - name: proc
              mountPath: /rootfs/proc
              readOnly: true
            # Docker root (container logs and metadata)
            - name: docker-root
              mountPath: /rootfs/var/lib/docker/
              readOnly: true
              mountPropagation: HostToContainer
            # Runtime sockets. readOnly protects the socket file, not the API
            # behind it: a process that can connect can still issue any
            # request the runtime accepts.
            # Docker socket
            - name: docker-unix-socket
              mountPath: /rootfs/var/run/docker.sock
              readOnly: true
            # CRI-O socket (if using CRI-O runtime)
            - name: crio-unix-socket
              mountPath: /rootfs/var/run/crio/
              readOnly: true
            # Containerd socket (if using containerd runtime)
            - name: containerd-unix-socket
              mountPath: /rootfs/var/run/containerd/
              readOnly: true
            # Host logs location (including CRI-O logs)
            - name: logs
              mountPath: /rootfs/var/log/
              readOnly: true
            - name: run-logs
              mountPath: /rootfs/run/log/
              readOnly: true
            # Kubelet root, used to discover application logs in volumes
            - name: volumes-root
              mountPath: /rootfs/var/lib/kubelet/
              readOnly: true
              mountPropagation: HostToContainer
            # Host timezone
            - name: localtime
              mountPath: /etc/localtime
              readOnly: true
      volumes:
        # State is stored directly on the host; change this location if
        # your persistent volume is somewhere else
        - name: collectorforkubernetes-syslog-state
          hostPath:
            path: /var/lib/collectorforkubernetes-syslog/data/
        # Location of docker root (for container logs and metadata)
        - name: docker-root
          hostPath:
            path: /var/lib/docker/
        # Location of cgroups file system
        - name: cgroup
          hostPath:
            path: /sys/fs/cgroup
        # Location of proc file system
        - name: proc
          hostPath:
            path: /proc
        # Host logs location (including CRI-O logs)
        - name: logs
          hostPath:
            path: /var/log
        - name: run-logs
          hostPath:
            path: /run/log
        # Docker socket
        - name: docker-unix-socket
          hostPath:
            path: /var/run/docker.sock
        # CRI-O socket (if using CRI-O runtime)
        - name: crio-unix-socket
          hostPath:
            path: /var/run/crio/
        # containerd socket (if using containerd runtime)
        - name: containerd-unix-socket
          hostPath:
            path: /var/run/containerd/
        # Location for kubelet mounts, to autodiscover application logs
        - name: volumes-root
          hostPath:
            path: /var/lib/kubelet/
        # Host timezone
        - name: localtime
          hostPath:
            path: /etc/localtime
        # Configuration from the ConfigMap: general + daemonset files only
        - name: collectorforkubernetes-syslog-config
          configMap:
            name: collectorforkubernetes-syslog
            items:
              - key: 001-general.conf
                path: 001-general.conf
              - key: 002-daemonset.conf
                path: 002-daemonset.conf
---
# Control-plane agent: same collector as the node DaemonSet, scheduled only on
# nodes that carry the node-role.kubernetes.io/master label. It additionally
# mounts the host's /etc/kubernetes/pki/ and loads 003-daemonset-master.conf.
#
# Same posture as the node DaemonSet: root, privileged, host network, host
# filesystems and runtime sockets, here on the control-plane nodes.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: collectorforkubernetes-syslog
  name: collectorforkubernetes-syslog-master
  namespace: collectorforkubernetes-syslog
spec:
  updateStrategy:
    type: RollingUpdate
  # NOTE(review): identical to the selector of the node DaemonSet and of the
  # addon Deployment; spec.selector is immutable once created.
  selector:
    matchLabels:
      daemon: collectorforkubernetes-syslog
  template:
    metadata:
      labels:
        daemon: collectorforkubernetes-syslog
      name: collectorforkubernetes-syslog-master
    spec:
      priorityClassName: collectorforkubernetes-syslog-critical
      dnsPolicy: ClusterFirstWithHostNet
      hostNetwork: true
      serviceAccountName: collectorforkubernetes-syslog
      # Schedule only where the master role label exists.
      # NOTE(review): nodes labelled only node-role.kubernetes.io/control-plane
      # do not match; check which label your distribution uses.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/master
                    operator: Exists
      # Tolerate every NoSchedule and NoExecute taint.
      tolerations:
        - operator: Exists
          effect: NoSchedule
        - operator: Exists
          effect: NoExecute
      containers:
        - name: collectorforkubernetes-syslog
          # NOTE(review): tag + imagePullPolicy: Always; consider pinning by
          # digest (...@sha256:<digest-placeholder>) for a privileged image.
          image: docker.io/outcoldsolutions/collectorforkubernetes:25.10.3
          imagePullPolicy: Always
          securityContext:
            runAsUser: 0
            privileged: true
          resources:
            limits:
              cpu: 2
              memory: 512Mi
            requests:
              cpu: 200m
              memory: 192Mi
          env:
            # Node name and pod name via the downward API.
            - name: KUBERNETES_NODENAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          volumeMounts:
            # State directory; the only writable mount.
            - name: collectorforkubernetes-syslog-state
              mountPath: /data
            - name: collectorforkubernetes-syslog-config
              mountPath: /config/
              readOnly: true
            - name: cgroup
              mountPath: /rootfs/sys/fs/cgroup
              readOnly: true
            - name: proc
              mountPath: /rootfs/proc
              readOnly: true
            - name: docker-logs
              mountPath: /rootfs/var/lib/docker/
              readOnly: true
              mountPropagation: HostToContainer
            # readOnly on a socket mount does not limit what can be sent to
            # the runtime API behind it.
            - name: docker-unix-socket
              mountPath: /rootfs/var/run/docker.sock
              readOnly: true
            - name: crio-unix-socket
              mountPath: /rootfs/var/run/crio/
              readOnly: true
            - name: containerd-unix-socket
              mountPath: /rootfs/var/run/containerd/
              readOnly: true
            - name: logs
              mountPath: /rootfs/var/log/
              readOnly: true
            - name: run-logs
              mountPath: /rootfs/run/log/
              readOnly: true
            # Host /etc/kubernetes/pki/. On kubeadm-style control planes this
            # directory holds cluster CA and API server key material.
            # NOTE(review): 003-daemonset-master.conf is empty in this
            # manifest, so nothing visible here consumes the mount; confirm
            # it is needed before exposing it to the container.
            - name: k8s-certs
              mountPath: /rootfs/etc/kubernetes/pki/
              readOnly: true
            - name: kubelet-root
              mountPath: /rootfs/var/lib/kubelet/
              readOnly: true
              mountPropagation: HostToContainer
            - name: localtime
              mountPath: /etc/localtime
              readOnly: true
      volumes:
        - name: collectorforkubernetes-syslog-state
          hostPath:
            path: /var/lib/collectorforkubernetes-syslog/data/
        - name: docker-logs
          hostPath:
            path: /var/lib/docker/
        - name: cgroup
          hostPath:
            path: /sys/fs/cgroup
        - name: proc
          hostPath:
            path: /proc
        - name: logs
          hostPath:
            path: /var/log
        - name: run-logs
          hostPath:
            path: /run/log
        - name: docker-unix-socket
          hostPath:
            path: /var/run/docker.sock
        - name: crio-unix-socket
          hostPath:
            path: /var/run/crio/
        - name: containerd-unix-socket
          hostPath:
            path: /var/run/containerd/
        - name: k8s-certs
          hostPath:
            path: /etc/kubernetes/pki/
        - name: kubelet-root
          hostPath:
            path: /var/lib/kubelet/
        - name: localtime
          hostPath:
            path: /etc/localtime
        # general + daemonset + master configuration files
        - name: collectorforkubernetes-syslog-config
          configMap:
            name: collectorforkubernetes-syslog
            items:
              - key: 001-general.conf
                path: 001-general.conf
              - key: 002-daemonset.conf
                path: 002-daemonset.conf
              - key: 003-daemonset-master.conf
                path: 003-daemonset-master.conf
---
# Addon: a single replica that loads 001-general.conf and 004-addon.conf
# (the Kubernetes events input). It has no host log or runtime-socket mounts;
# its only host path is the state directory.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: collectorforkubernetes-syslog
  name: collectorforkubernetes-syslog-addon
  namespace: collectorforkubernetes-syslog
spec:
  replicas: 1
  # NOTE(review): same selector and pod label as both DaemonSets;
  # spec.selector is immutable once created.
  selector:
    matchLabels:
      daemon: collectorforkubernetes-syslog
  template:
    metadata:
      labels:
        daemon: collectorforkubernetes-syslog
      name: collectorforkubernetes-syslog-addon
    spec:
      priorityClassName: collectorforkubernetes-syslog-critical
      serviceAccountName: collectorforkubernetes-syslog
      containers:
        - name: collectorforkubernetes-syslog
          # NOTE(review): tag + imagePullPolicy: Always; consider pinning by
          # digest (...@sha256:<digest-placeholder>).
          image: docker.io/outcoldsolutions/collectorforkubernetes:25.10.3
          imagePullPolicy: Always
          # NOTE(review): runs as root and privileged although the only
          # mounts are the state directory and the ConfigMap; confirm whether
          # the addon needs privileged mode at all.
          securityContext:
            runAsUser: 0
            privileged: true
          resources:
            limits:
              cpu: 500m
              memory: 256Mi
            requests:
              cpu: 50m
              memory: 64Mi
          env:
            # Node name and pod name via the downward API.
            - name: KUBERNETES_NODENAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          volumeMounts:
            - name: collectorforkubernetes-syslog-state
              mountPath: /data
            - name: collectorforkubernetes-syslog-config
              mountPath: /config/
              readOnly: true
      volumes:
        # State on the host of whichever node the replica lands on.
        - name: collectorforkubernetes-syslog-state
          hostPath:
            path: /var/lib/collectorforkubernetes-syslog/data/
        # general + addon configuration files
        - name: collectorforkubernetes-syslog-config
          configMap:
            name: collectorforkubernetes-syslog
            items:
              - key: 001-general.conf
                path: 001-general.conf
              - key: 004-addon.conf
                path: 004-addon.conf