Download
Link
collectorforkubernetes-syslog.yaml
CURL
1curl -O https://www.outcoldsolutions.com/docs/syslog-kubernetes/collectorforkubernetes-syslog.yamlWGET
1wget https://www.outcoldsolutions.com/docs/syslog-kubernetes/collectorforkubernetes-syslog.yamlcollectorforkubernetes-syslog.yaml
1apiVersion: v1
2kind: Namespace
3metadata:
4 labels:
5 app: collectorforkubernetes-syslog
6 name: collectorforkubernetes-syslog
7---
8apiVersion: apiextensions.k8s.io/v1beta1
9kind: CustomResourceDefinition
10metadata:
11 name: configurations.collectord.io
12spec:
13 group: collectord.io
14 versions:
15 - name: v1
16 served: true
17 storage: true
18 scope: Cluster
19 names:
20 plural: configurations
21 singular: configuration
22 kind: Configuration
23---
24apiVersion: v1
25kind: ServiceAccount
26metadata:
27 labels:
28 app: collectorforkubernetes-syslog
29 name: collectorforkubernetes-syslog
30 namespace: collectorforkubernetes-syslog
31---
32apiVersion: scheduling.k8s.io/v1
33kind: PriorityClass
34metadata:
35 name: collectorforkubernetes-syslog-critical
36value: 1000000000
37---
38apiVersion: rbac.authorization.k8s.io/v1
39kind: ClusterRole
40metadata:
41 labels:
42 app: collectorforkubernetes-syslog
43 name: collectorforkubernetes-syslog
44rules:
45- apiGroups: ['extensions']
46 resources: ['podsecuritypolicies']
47 verbs: ['use']
48 resourceNames:
49 - privileged
50- apiGroups:
51 - '*'
52 resources:
53 - '*'
54 verbs:
55 - get
56 - list
57 - watch
58---
59apiVersion: rbac.authorization.k8s.io/v1
60kind: ClusterRoleBinding
61metadata:
62 labels:
63 app: collectorforkubernetes-syslog
64 name: collectorforkubernetes-syslog
65 namespace: collectorforkubernetes-syslog
66roleRef:
67 apiGroup: rbac.authorization.k8s.io
68 kind: ClusterRole
69 name: collectorforkubernetes-syslog
70subjects:
71 - kind: ServiceAccount
72 name: collectorforkubernetes-syslog
73 namespace: collectorforkubernetes-syslog
74---
75apiVersion: v1
76kind: ConfigMap
77metadata:
78 name: collectorforkubernetes-syslog
79 namespace: collectorforkubernetes-syslog
80 labels:
81 app: collectorforkubernetes-syslog
82data:
83 001-general.conf: |
84 # The general configuration is used for all deployments
85 #
86 # Run collectord with the flag -conf and specify location of the configuration files.
87 #
88 # You can override all the values using environment variables with the format like
89 # COLLECTOR__<ANYNAME>=<section>__<key>=<value>
90 # As an example you can set dataPath in [general] section as
91 # COLLECTOR__DATAPATH=general__dataPath=C:\\some\\path\\data.db
92 # This parameter can be configured using -env-override, set it to empty string to disable this feature
93
94 [general]
95
96 # Review License https://www.outcoldsolutions.com/docs/license-agreement/
97 # and accept License by changing the value to *true*
98 acceptLicense = false
99
100 # Location for the database
101 # Collectord stores positions of the files and internal state
102 dataPath = ./data/
103
104 # log level (accepted values are trace, debug, info, warn, error, fatal)
105 logLevel = info
106
107 # http server gives access to two endpoints
108 # /healthz
109 # /metrics
110 httpServerBinding =
111
112 # telemetry report endpoint, set it to empty string to disable telemetry
113 telemetryEndpoint = https://license.outcold.solutions/telemetry/
114
115 # license check endpoint
116 licenseEndpoint = https://license.outcold.solutions/license/
117
118 # license server through proxy
119 licenseServerProxyUrl =
120
121 # authentication with basic authorization (user:password)
122 licenseServerProxyBasicAuth =
123
124 # license key
125 license =
126
127 # Environment variable $KUBERNETES_NODENAME is used by default to setup hostname
128 # Use value below to override specific name
129 hostname =
130
131 # Default output for events, logs and metrics
132 # valid values: syslog and devnull
133 # Use devnull by default if you don't want to redirect data
134 defaultOutput = syslog
135
136 # Default buffer size for file input
137 fileInputBufferSize = 256b
138
139 # Maximum size of one line the file reader can read
140 fileInputLineMaxSize = 1mb
141
142 # Include custom fields to attach to every event, in example below every event sent to Syslog will have
143 # indexed field my_environment=dev. Fields names should match to ^[a-z][_a-z0-9]*$
144 # Better way to configure that is to specify labels for Kubernetes Nodes.
145 # ; fields.my_environment = dev
146 # Identify the cluster if you are planning to monitor multiple clusters
147 fields.cluster = -
148
149 # Include EC2 Metadata (see list of possible fields https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)
150 # Should be in format ec2Metadata.{desired_field_name} = {url path to read the value}
151 # ec2Metadata.ec2_instance_id = /latest/meta-data/instance-id
152 # ec2Metadata.ec2_instance_type = /latest/meta-data/instance-type
153
154 # subdomain for the annotations added to the pods, workloads, namespaces or containers, like syslog.collectord.io/..
155 annotationsSubdomain = syslog
156
157 # Configure acknowledgement database.
158 # - force fsync on every write to Write-Ahead-Log
159 db.fsync = false
160 # - maximum size of the Write-Ahead-Log
161 db.compactAt = 1M
162
163 # configure global thruput per second for forwarded logs (metrics are not included)
164 # for example if you set `thruputPerSecond = 512Kb`, that will limit amount of logs forwarded
165 # from the single Collectord instance to 512Kb per second.
166 # You can configure thruput individually for the logs (including specific for container logs) below
167 thruputPerSecond =
168
169 # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
170 # older than 7 days
171 tooOldEvents =
172
173 # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
174 tooNewEvents =
175
176 # Multi-output async publishing. When enabled (default), events routed to
177 # non-default outputs are published asynchronously so that a slow or down
178 # output does not block events destined for other outputs.
179 ; multioutput.async = true
180 # Buffer size for the async proxy (default 100). Absorbs transient bursts.
181 # When this buffer and the output's own queue are both full, events are
182 # dropped immediately without blocking the pipeline.
183 ; multioutput.asyncBufferSize = 100
184
185 # connection to kubernetes api
186 [general.kubernetes]
187
188 # Environment variable $KUBERNETES_NODENAME is used by default to setup nodeName
189 # Use it only when you need to override it
190 nodeName =
191
192 # Configuration to access the API server,
193 # see https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod
194 # for details
195 tokenPath = /var/run/secrets/kubernetes.io/serviceaccount/token
196 certPath = /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
197
198 # Default timeout for http responses. The streaming/watch requests depend on this timeout.
199 timeout = 30m
200
201 # (obsolete) In case if pod metadata was not retrievied. how often collectord should retry to reload the pod metadata
202 # metadataFetchRetry = 5s
203
204 # (obsolete) In case if event is recent, how long pipeline should wait for the metadata to be available in Kubernetes API
205 # metadataFetchWait = 30s
206
207 # How long to keep the cache for the recent calls to API server (to limit number of calls when collectord discovers new pods)
208 metadataTTL = 30s
209
210 # regex to find pods
211 podsCgroupFilter = ^/([^/\s]+/)*kubepods(\.slice)?/((kubepods-)?(burstable|besteffort)(\.slice)?/)?([^/]*)pod([0-9a-f]{32}|[0-9a-f\-_]{36})(\.slice)?$
212
213 # regex to find containers in the pods
214 containersCgroupFilter = ^/([^/\s]+/)*kubepods(\.slice)?/((kubepods-)?(burstable|besteffort)(\.slice)?/)?([^/]*)pod([0-9a-f]{32}|[0-9a-f\-_]{36})(\.slice)?/(docker-|crio-)?[0-9a-f]{64}(\.scope)?(\/.+)?$
215
216 # path to the kubelet root location (use it to discover application logs for emptyDir)
217 # the expected format is `pods/{pod-id}/volumes/kubernetes.io~empty-dir/{volume-name}/_data/`
218 volumesRootDir = /rootfs/var/lib/kubelet/
219
220 # You can attach annotations as a metadata, using the format
221 # includeAnnotations.{key} = {regexp}
222 # For example if you want to include all annotations that starts with `prometheus.io` or `example.com` you can include
223 # the following format:
224 # includeAnnotations.1 = ^prometheus\.io.*
225 # includeAnnotations.2 = ^example\.com.*
226
227 # watch for changes (annotations) in the objects
228 watch.namespaces = v1/namespace
229 watch.deployments = apps/v1/deployment
230 watch.configurations = apis/v1/collectord.io/configuration
231
232
233 # Syslog output
234 [output.syslog]
235
236 # tcp or udp
237 network = tcp
238 # syslog destination
239 address =
240
241 002-daemonset.conf: |
242 # DaemonSet configuration is used for Nodes and Masters.
243
244 # Connection to the docker host
245 [general.docker]
246
247 # url for docker API, only unix socket is supported
248 url = unix:///rootfs/var/run/docker.sock
249
250 # path to docker root folder (can fallback to use folder structure to read docker metadata)
251 dockerRootFolder = /rootfs/var/lib/docker/
252
253 # (obsolete) In case if pod metadata was not retrievied. how often collectord should retry to reload the pod metadata
254 # metadataFetchRetry = 5s
255
256 # (obsolete) In case if event is recent, how long pipeline should wait for the metadata to be available in Kubernetes API
257 # metadataFetchWait = 30s
258
259 # (obsolete) In case if collectord does not see new events for specific container and with the last metadata refresh
260 # We have not found this container - fow how long we should keep this metadata in cache.
261 # metadataTTL = 5s
262
263 # Timeout for http responses to docker client. The streaming requests depend on this timeout.
264 timeout = 1m
265
266 # in case of Kubernetes/OpenShift if you schedule some containers with Docker, but not with the Kubernetes
267 # that allows us to find them (by default finding all containers with name not starting with k8s_)
268 containersNameFilter = ^(([^k])|(k[^8])|(k8[^s])|(k8s[^_])).*$
269
270 # regex to find docker container cgroups (helps excluding other cgroups with matched ID)
271 containersCgroupFilter = ^(/([^/\s]+/)*(docker-|docker/)[0-9a-f]{64}(\.scope)?)$
272
273
274 // connection to CRIO
275 [general.cri-o]
276
277 # url for CRIO API, only unix socket is supported
278 url = unix:///rootfs/var/run/crio/crio.sock
279
280 # Timeout for http responses to docker client. The streaming requests depend on this timeout.
281 timeout = 1m
282
283
284 [general.containerd]
285
286 runtimePath = /rootfs/var/run/containerd
287 namespace = k8s.io
288
289
290 # Container Log files
291 [input.files]
292
293 # disable container logs monitoring
294 disabled = false
295
296 # root location of docker log files
297 # logs are expected in standard docker format like {containerID}/{containerID}-json.log
298 # rotated files
299 path = /rootfs/var/lib/docker/containers/
300 # root location of CRI-O files
301 # logs are expected in Kubernetes format, like {podID}/{containerName}/0.log
302 crioPath = /rootfs/var/log/pods/
303
304 # (obsolete) glob matching pattern for log files
305 # glob = */*-json.log*
306
307 # files are read using polling schema, when reach the EOF how often to check if files got updated
308 pollingInterval = 250ms
309
310 # how often to look for the new files under logs path
311 walkingInterval = 5s
312
313 # include verbose fields in events (file offset)
314 verboseFields = false
315
316 # docker splits events when they are larger than 10-100k (depends on the docker version)
317 # we join them together by default and forward to Syslog as one event
318 joinPartialEvents = true
319
320 # In case if your containers report messages with terminal colors or other escape sequences
321 # you can enable strip for all the containers in one place.
322 # Better is to enable it only for required container with the label collectord.io/strip-terminal-escape-sequences=true
323 stripTerminalEscapeSequences = false
324 # Regexp used for stripping terminal colors, it does not stip all the escape sequences
325 # Read https://man7.org/linux/man-pages/man4/console_codes.4.html for more information
326 stripTerminalEscapeSequencesRegex = (\x1b\[\d{1,3}(;\d{1,3})*m)|(\x07)|(\x1b]\d+(\s\d)?;[^\x07]+\x07)|(.*\x1b\[K)
327
328 # set output (syslog or devnull, default is [general]defaultOutput)
329 output =
330
331 # configure default thruput per second for for each container log
332 # for example if you set `thruputPerSecond = 128Kb`, that will limit amount of logs forwarded
333 # from the single container to 128Kb per second.
334 thruputPerSecond =
335
336 # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
337 # older than 7 days
338 tooOldEvents =
339
340 # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
341 tooNewEvents =
342
343 # Syslog format
344 type = k8s_logs
345 syslog.format = {type}|{timestamp::format(2006-01-02T15:04:05.999999999Z07:00)}|{cluster}|{host}|{namespace}|{pod_id}|{pod_name}|{container_name}|{stream}|{message}
346
347
348 # Application Logs
349 [input.app_logs]
350
351 # disable container application logs monitoring
352 disabled = false
353
354 # root location of mounts (applies to hostPath mounts only), if the hostPath differs inside container from the path on host
355 root = /rootfs/
356
357 # how often to review list of available volumes
358 syncInterval = 5s
359
360 # glob matching pattern for log files
361 glob = *.log*
362
363 # files are read using polling schema, when reach the EOF how often to check if files got updated
364 pollingInterval = 250ms
365
366 # how often to look for the new files under logs path
367 walkingInterval = 5s
368
369 # include verbose fields in events (file offset)
370 verboseFields = false
371
372 # we split files using new line character, with this configuration you can specify what defines the new event
373 # after new line
374 eventPatternRegex = ^[^\s]
375 # Maximum interval of messages in pipeline
376 eventPatternMaxInterval = 100ms
377 # Maximum time to wait for the messages in pipeline
378 eventPatternMaxWait = 1s
379 # Maximum message size
380 eventPatternMaxSize = 1MB
381
382 # set output (syslog or devnull, default is [general]defaultOutput)
383 output =
384
385 # configure default thruput per second for for each container log
386 # for example if you set `thruputPerSecond = 128Kb`, that will limit amount of logs forwarded
387 # from the single container to 128Kb per second.
388 thruputPerSecond =
389
390 # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
391 # older than 7 days
392 tooOldEvents =
393
394 # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
395 tooNewEvents =
396
397 # syslog format
398 type = k8s_logs
399 syslog.format = {type}|{timestamp::format(2006-01-02T15:04:05.999999999Z07:00)}|{cluster}|{host}|{namespace}|{pod_id}|{pod_name}|{container_name}|{file_name}|{message}
400
401
402 # Host logs. Input syslog(.\d+)? files
403 [input.files::syslog]
404
405 # disable host level logs
406 disabled = false
407
408 # root location of docker files
409 path = /rootfs/var/log/
410
411 # regex matching pattern
412 match = ^(syslog|messages)(.\d+)?$
413
414 # limit search only on one level
415 recursive = false
416
417 # files are read using polling schema, when reach the EOF how often to check if files got updated
418 pollingInterval = 250ms
419
420 # how often o look for the new files under logs path
421 walkingInterval = 5s
422
423 # include verbose fields in events (file offset)
424 verboseFields = false
425
426 # field extraction
427 extraction = ^(?P<timestamp>[A-Za-z]+\s+\d+\s\d+:\d+:\d+)\s(?P<syslog_hostname>[^\s]+)\s(?P<syslog_component>[^:\[]+)(\[(?P<syslog_pid>\d+)\])?: (.+)$
428 # extractionMessageField =
429
430 # timestamp field
431 timestampField = timestamp
432
433 # format for timestamp
434 # the layout defines the format by showing how the reference time, defined to be `Mon Jan 2 15:04:05 -0700 MST 2006`
435 timestampFormat = Jan 2 15:04:05
436
437 # Adjust date, if month/day aren't set in format
438 timestampSetMonth = false
439 timestampSetDay = false
440
441 # timestamp location (if not defined by format)
442 timestampLocation = Local
443
444 # sample output (-1 does not sample, 20 - only 20% of the logs should be forwarded)
445 samplingPercent = -1
446
447 # sampling key for hash based sampling (should be regexp with the named match pattern `key`)
448 samplingKey =
449
450 # set output (syslog or devnull, default is [general]defaultOutput)
451 output =
452
453 # configure default thruput per second for this files group
454 # for example if you set `thruputPerSecond = 128Kb`, that will limit amount of logs forwarded
455 # from the files in this group to 128Kb per second.
456 thruputPerSecond =
457
458 # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
459 # older than 7 days
460 tooOldEvents =
461
462 # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
463 tooNewEvents =
464
465 # syslog format
466 type = k8s_host_logs
467 syslog.format = {type}|{timestamp::format(2006-01-02T15:04:05.999999999Z07:00)}|{cluster}|{host}|{file_name}|{message}
468
469
470 # Host logs. Input all *.log(.\d+)? files
471 [input.files::logs]
472
473 # disable host level logs
474 disabled = false
475
476 # root location of log files
477 path = /rootfs/var/log/
478
479 # regex matching pattern
480 match = ^(([\w\-.]+\.log(.[\d\-]+)?)|(docker))$
481
482 # files are read using polling schema, when reach the EOF how often to check if files got updated
483 pollingInterval = 250ms
484
485 # how often o look for the new files under logs path
486 walkingInterval = 5s
487
488 # include verbose fields in events (file offset)
489 verboseFields = false
490
491 # field extraction
492 extraction =
493 # extractionMessageField =
494
495 # timestamp field
496 timestampField =
497
498 # format for timestamp
499 # the layout defines the format by showing how the reference time, defined to be `Mon Jan 2 15:04:05 -0700 MST 2006`
500 timestampFormat =
501
502 # timestamp location (if not defined by format)
503 timestampLocation =
504
505 # sample output (-1 does not sample, 20 - only 20% of the logs should be forwarded)
506 samplingPercent = -1
507
508 # sampling key for hash based sampling (should be regexp with the named match pattern `key`)
509 samplingKey =
510
511 # set output (syslog or devnull, default is [general]defaultOutput)
512 output =
513
514 # configure default thruput per second for this files group
515 # for example if you set `thruputPerSecond = 128Kb`, that will limit amount of logs forwarded
516 # from the files in this group to 128Kb per second.
517 thruputPerSecond =
518
519 # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
520 # older than 7 days
521 tooOldEvents =
522
523 # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
524 tooNewEvents =
525
526 # syslog format
527 type = k8s_host_logs
528 syslog.format = {type}|{timestamp::format(2006-01-02T15:04:05.999999999Z07:00)}|{cluster}|{host}|{file_name}|{message}
529
530
531 [input.journald]
532
533 # disable host level logs
534 disabled = false
535
536 # root location of log files
537 path.persistent = /rootfs/var/log/journal/
538 path.volatile = /rootfs/run/log/journal/
539
540 # when reach end of journald, how often to pull
541 pollingInterval = 250ms
542
543 # if you don't want to forward journald from the beginning,
544 # set the oldest event in relative value, like -14h or -30m or -30s (h/m/s supported)
545 startFromRel =
546
547 # sample output (-1 does not sample, 20 - only 20% of the logs should be forwarded)
548 samplingPercent = -1
549
550 # sampling key (should be regexp with the named match pattern `key`)
551 samplingKey =
552
553 # how often to reopen the journald to free old files
554 reopenInterval = 1h
555
556 # set output (syslog or devnull, default is [general]defaultOutput)
557 output =
558
559 # configure default thruput per second for this files group
560 # for example if you set `thruputPerSecond = 128Kb`, that will limit amount of logs forwarded
561 # from the files in this group to 128Kb per second.
562 thruputPerSecond =
563
564 # Configure events that are too old to be forwarded, for example 168h (7 days) - that will drop all events
565 # older than 7 days
566 tooOldEvents =
567
568 # Configure events that are too new to be forwarded, for example 1h - that will drop all events that are 1h in future
569 tooNewEvents =
570
571 # syslog format
572 type = k8s_host_logs
573 syslog.format = {type}|{timestamp::format(2006-01-02T15:04:05.999999999Z07:00)}|{cluster}|{host}|journald|{message}
574
575
576 # Pipe to join events (container logs only)
577 [pipe.join]
578
579 # disable joining event
580 disabled = false
581
582 # Maximum interval of messages in pipeline
583 maxInterval = 100ms
584
585 # Maximum time to wait for the messages in pipeline
586 maxWait = 1s
587
588 # Maximum message size
589 maxSize = 1MB
590
591 # Default pattern to indicate new message (should start not from space)
592 patternRegex = ^[^\s]
593
594
595 003-daemonset-master.conf: |
596
597
598 004-addon.conf: |
599 [general]
600
601 # addons can be run in parallel with agents
602 addon = true
603
604 [input.kubernetes_events]
605
606 # disable events
607 disabled = false
608
609 # (obsolete, depends on kubernetes timeout)
610 # Set the timeout for how long request to watch events going to hang reading.
611 # eventsWatchTimeout = 30m
612
613 # (obsolete, depends on kubernetes timeout)
614 # Ignore events last seen later that this duration.
615 # eventsTTL = 12h
616
617 # set output (syslog or devnull, default is [general]defaultOutput)
618 output =
619
620 # syslog format
621 type = k8s_events
622 syslog.format = {type}|{timestamp::format(2006-01-02T15:04:05.999999999Z07:00)}|{cluster}|{message}
623
624
625---
626apiVersion: apps/v1
627kind: DaemonSet
628metadata:
629 name: collectorforkubernetes-syslog
630 namespace: collectorforkubernetes-syslog
631 labels:
632 app: collectorforkubernetes-syslog
633spec:
634 # Default updateStrategy is OnDelete. For collectord RollingUpdate is suitable
635 # When you update configuration
636 updateStrategy:
637 type: RollingUpdate
638 selector:
639 matchLabels:
640 daemon: collectorforkubernetes-syslog
641 template:
642 metadata:
643 name: collectorforkubernetes-syslog
644 labels:
645 daemon: collectorforkubernetes-syslog
646 spec:
647 priorityClassName: collectorforkubernetes-syslog-critical
648 dnsPolicy: ClusterFirstWithHostNet
649 hostNetwork: true
650 serviceAccountName: collectorforkubernetes-syslog
651 # We run this DaemonSet only for Non-Masters
652 affinity:
653 nodeAffinity:
654 requiredDuringSchedulingIgnoredDuringExecution:
655 nodeSelectorTerms:
656 - matchExpressions:
657 - key: node-role.kubernetes.io/master
658 operator: DoesNotExist
659 tolerations:
660 - operator: "Exists"
661 effect: "NoSchedule"
662 - operator: "Exists"
663 effect: "NoExecute"
664 containers:
665 - name: collectorforkubernetes-syslog
666 # Collectord version
667 image: docker.io/outcoldsolutions/collectorforkubernetes:26.04.1
668 imagePullPolicy: Always
669 securityContext:
670 runAsUser: 0
671 privileged: true
672 # Define your resources if you need. Defaults should be fine for most.
673 # You can lower or increase based on your hosts.
674 resources:
675 limits:
676 cpu: 2
677 memory: 512Mi
678 requests:
679 cpu: 200m
680 memory: 192Mi
681 env:
682 - name: KUBERNETES_NODENAME
683 valueFrom:
684 fieldRef:
685 fieldPath: spec.nodeName
686 - name: POD_NAME
687 valueFrom:
688 fieldRef:
689 fieldPath: metadata.name
690 volumeMounts:
691 # We store state in /data folder (file positions)
692 - name: collectorforkubernetes-syslog-state
693 mountPath: /data
694 # Configuration file deployed with ConfigMap
695 - name: collectorforkubernetes-syslog-config
696 mountPath: /config/
697 readOnly: true
698 # Cgroup filesystem to get metrics
699 - name: cgroup
700 mountPath: /rootfs/sys/fs/cgroup
701 readOnly: true
702 # Proc filesystem to get metrics
703 - name: proc
704 mountPath: /rootfs/proc
705 readOnly: true
706 # Location of docker root (for container logs and metadata)
707 - name: docker-root
708 mountPath: /rootfs/var/lib/docker/
709 readOnly: true
710 mountPropagation: HostToContainer
711 # Docker socket
712 - name: docker-unix-socket
713 mountPath: /rootfs/var/run/docker.sock
714 readOnly: true
715 # CRI-O socket (if using CRI-O runtime)
716 - name: crio-unix-socket
717 mountPath: /rootfs/var/run/crio/
718 readOnly: true
719 # Containerd socket (if using containerd runtime)
720 - name: containerd-unix-socket
721 mountPath: /rootfs/var/run/containerd/
722 readOnly: true
723 # Host logs location (including CRI-O logs)
724 - name: logs
725 mountPath: /rootfs/var/log/
726 readOnly: true
727 - name: run-logs
728 mountPath: /rootfs/run/log/
729 readOnly: true
730 # Application logs
731 - name: volumes-root
732 mountPath: /rootfs/var/lib/kubelet/
733 readOnly: true
734 mountPropagation: HostToContainer
735 # correct timezone
736 - name: localtime
737 mountPath: /etc/localtime
738 readOnly: true
739 volumes:
740 # We store state directly on host, change this location, if
741 # your persistent volume is somewhere else
742 - name: collectorforkubernetes-syslog-state
743 hostPath:
744 path: /var/lib/collectorforkubernetes-syslog/data/
745 # Location of docker root (for container logs and metadata)
746 - name: docker-root
747 hostPath:
748 path: /var/lib/docker/
749 # Location of cgroups file system
750 - name: cgroup
751 hostPath:
752 path: /sys/fs/cgroup
753 # Location of proc file system
754 - name: proc
755 hostPath:
756 path: /proc
757 # Host logs location (including CRI-O logs)
758 - name: logs
759 hostPath:
760 path: /var/log
761 - name: run-logs
762 hostPath:
763 path: /run/log
764 # Docker socket
765 - name: docker-unix-socket
766 hostPath:
767 path: /var/run/docker.sock
768 # CRI-O socket (if using CRI-O runtime)
769 - name: crio-unix-socket
770 hostPath:
771 path: /var/run/crio/
772 # containerd socket (if using containerd runtime)
773 - name: containerd-unix-socket
774 hostPath:
775 path: /var/run/containerd/
776 # Location for kubelet mounts, to autodiscover application logs
777 - name: volumes-root
778 hostPath:
779 path: /var/lib/kubelet/
780 # correct timezone
781 - name: localtime
782 hostPath:
783 path: /etc/localtime
784 # configuration from ConfigMap
785 - name: collectorforkubernetes-syslog-config
786 configMap:
787 name: collectorforkubernetes-syslog
788 items:
789 - key: 001-general.conf
790 path: 001-general.conf
791 - key: 002-daemonset.conf
792 path: 002-daemonset.conf
793---
794apiVersion: apps/v1
795kind: DaemonSet
796metadata:
797 name: collectorforkubernetes-syslog-master
798 namespace: collectorforkubernetes-syslog
799 labels:
800 app: collectorforkubernetes-syslog
801spec:
802 updateStrategy:
803 type: RollingUpdate
804 selector:
805 matchLabels:
806 daemon: collectorforkubernetes-syslog
807 template:
808 metadata:
809 name: collectorforkubernetes-syslog-master
810 labels:
811 daemon: collectorforkubernetes-syslog
812 spec:
813 priorityClassName: collectorforkubernetes-syslog-critical
814 dnsPolicy: ClusterFirstWithHostNet
815 hostNetwork: true
816 serviceAccountName: collectorforkubernetes-syslog
817 affinity:
818 nodeAffinity:
819 requiredDuringSchedulingIgnoredDuringExecution:
820 nodeSelectorTerms:
821 - matchExpressions:
822 - key: node-role.kubernetes.io/master
823 operator: Exists
824 tolerations:
825 - operator: "Exists"
826 effect: "NoSchedule"
827 - operator: "Exists"
828 effect: "NoExecute"
829 containers:
830 - name: collectorforkubernetes-syslog
831 image: docker.io/outcoldsolutions/collectorforkubernetes:26.04.1
832 imagePullPolicy: Always
833 securityContext:
834 runAsUser: 0
835 privileged: true
836 resources:
837 limits:
838 cpu: 2
839 memory: 512Mi
840 requests:
841 cpu: 200m
842 memory: 192Mi
843 env:
844 - name: KUBERNETES_NODENAME
845 valueFrom:
846 fieldRef:
847 fieldPath: spec.nodeName
848 - name: POD_NAME
849 valueFrom:
850 fieldRef:
851 fieldPath: metadata.name
852 volumeMounts:
853 - name: collectorforkubernetes-syslog-state
854 mountPath: /data
855 - name: collectorforkubernetes-syslog-config
856 mountPath: /config/
857 readOnly: true
858 - name: cgroup
859 mountPath: /rootfs/sys/fs/cgroup
860 readOnly: true
861 - name: proc
862 mountPath: /rootfs/proc
863 readOnly: true
864 - name: docker-logs
865 mountPath: /rootfs/var/lib/docker/
866 readOnly: true
867 mountPropagation: HostToContainer
868 - name: docker-unix-socket
869 mountPath: /rootfs/var/run/docker.sock
870 readOnly: true
871 - name: crio-unix-socket
872 mountPath: /rootfs/var/run/crio/
873 readOnly: true
874 - name: containerd-unix-socket
875 mountPath: /rootfs/var/run/containerd/
876 readOnly: true
877 - name: logs
878 mountPath: /rootfs/var/log/
879 readOnly: true
880 - name: run-logs
881 mountPath: /rootfs/run/log/
882 readOnly: true
883 - name: k8s-certs
884 mountPath: /rootfs/etc/kubernetes/pki/
885 readOnly: true
886 - name: kubelet-root
887 mountPath: /rootfs/var/lib/kubelet/
888 readOnly: true
889 mountPropagation: HostToContainer
890 - name: localtime
891 mountPath: /etc/localtime
892 readOnly: true
893 volumes:
894 - name: collectorforkubernetes-syslog-state
895 hostPath:
896 path: /var/lib/collectorforkubernetes-syslog/data/
897 - name: docker-logs
898 hostPath:
899 path: /var/lib/docker/
900 - name: cgroup
901 hostPath:
902 path: /sys/fs/cgroup
903 - name: proc
904 hostPath:
905 path: /proc
906 - name: logs
907 hostPath:
908 path: /var/log
909 - name: run-logs
910 hostPath:
911 path: /run/log
912 - name: docker-unix-socket
913 hostPath:
914 path: /var/run/docker.sock
915 - name: crio-unix-socket
916 hostPath:
917 path: /var/run/crio/
918 - name: containerd-unix-socket
919 hostPath:
920 path: /var/run/containerd/
921 - name: k8s-certs
922 hostPath:
923 path: /etc/kubernetes/pki/
924 - name: kubelet-root
925 hostPath:
926 path: /var/lib/kubelet/
927 - name: localtime
928 hostPath:
929 path: /etc/localtime
930 - name: collectorforkubernetes-syslog-config
931 configMap:
932 name: collectorforkubernetes-syslog
933 items:
934 - key: 001-general.conf
935 path: 001-general.conf
936 - key: 002-daemonset.conf
937 path: 002-daemonset.conf
938 - key: 003-daemonset-master.conf
939 path: 003-daemonset-master.conf
940---
941apiVersion: apps/v1
942kind: Deployment
943metadata:
944 name: collectorforkubernetes-syslog-addon
945 namespace: collectorforkubernetes-syslog
946 labels:
947 app: collectorforkubernetes-syslog
948spec:
949 replicas: 1
950 selector:
951 matchLabels:
952 daemon: collectorforkubernetes-syslog
953 template:
954 metadata:
955 name: collectorforkubernetes-syslog-addon
956 labels:
957 daemon: collectorforkubernetes-syslog
958 spec:
959 priorityClassName: collectorforkubernetes-syslog-critical
960 serviceAccountName: collectorforkubernetes-syslog
961 containers:
962 - name: collectorforkubernetes-syslog
963 image: docker.io/outcoldsolutions/collectorforkubernetes:26.04.1
964 imagePullPolicy: Always
965 securityContext:
966 runAsUser: 0
967 privileged: true
968 resources:
969 limits:
970 cpu: 500m
971 memory: 256Mi
972 requests:
973 cpu: 50m
974 memory: 64Mi
975 env:
976 - name: KUBERNETES_NODENAME
977 valueFrom:
978 fieldRef:
979 fieldPath: spec.nodeName
980 - name: POD_NAME
981 valueFrom:
982 fieldRef:
983 fieldPath: metadata.name
984 volumeMounts:
985 - name: collectorforkubernetes-syslog-state
986 mountPath: /data
987 - name: collectorforkubernetes-syslog-config
988 mountPath: /config/
989 readOnly: true
990 volumes:
991 - name: collectorforkubernetes-syslog-state
992 hostPath:
993 path: /var/lib/collectorforkubernetes-syslog/data/
994 - name: collectorforkubernetes-syslog-config
995 configMap:
996 name: collectorforkubernetes-syslog
997 items:
998 - key: 001-general.conf
999 path: 001-general.conf
1000 - key: 004-addon.conf
1001 path: 004-addon.conf