RHDEVDOCS-4047 - Modularization of CRs for logging.

_topic_maps/_topic_map.yml

@@ -2170,6 +2170,8 @@ Topics:
   File: cluster-logging-release-notes
 - Name: About Logging
   File: cluster-logging
+- Name: Logging Quick Reference
+  File: cluster-logging-code-samples
 - Name: Installing Logging
   File: cluster-logging-deploying
   Distros: openshift-enterprise,openshift-origin

logging/alertingrule.yaml

@@ -0,0 +1,31 @@
+kind: AlertingRule
+apiVersion: loki.grafana.com/v1beta1
+metadata:
+  name: alertingrule-sample
+  namespace: openshift-operators-redhat
+spec:
+  groups:
+    - interval: 10m
+      name: alerting-rules-group
+      rules:
+        - alert: HighPercentageError
+          annotations:
+            summary: High request latency
+          expr: |
+            sum(rate({app="foo", env="production"} |= "error" [5m])) by (job)
+              /
+            sum(rate({app="foo", env="production"}[5m])) by (job)
+              > 0.05
+          for: 10m
+          labels:
+            severity: page
+        - alert: HttpCredentialsLeaked
+          annotations:
+            message: '{{ $labels.job }} is leaking http basic auth credentials.'
+          expr: >-
+            sum by (cluster, job, pod) (count_over_time({namespace="prod"} |~
+            "http(s?)://(\\w+):(\\w+)@" [5m]) > 0)
+          for: 10m
+          labels:
+            severity: critical
+  tenantID: test-tenant

logging/cluster-logging-code-samples.adoc

@@ -0,0 +1,13 @@
+:_content-type: ASSEMBLY
+:context: cluster-logging-code-samples
+[id="cluster-logging-code-samples"]
+= Custom Resource samples
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+By default, the {logging} sends container and infrastructure logs to the default internal log store defined in the `ClusterLogging` custom resource. However, it does not send audit logs to the internal store because it does not provide secure storage. If this default configuration meets your needs, you do not need to configure the Cluster Log Forwarder.
+
+To send logs to other log aggregators, you use the `ClusterLogForwarder` custom resource. This API enables you to send container, infrastructure, and audit logs to specific endpoints within or outside your cluster. In addition, you can send different types of logs to various systems so that various individuals can access each type. You can also enable Transport Layer Security (TLS) support to send logs securely, as required by your organization.
+
+include::snippets/cluster-logging-custom-resources.adoc[lines=33-64]

logging/clusterlogforwarder.yaml

@@ -0,0 +1,27 @@
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+  name: instance
+  namespace: openshift-logging
+spec:
+  outputs:
+    - secret:
+        name: elasticsearch
+      syslog:
+        rfc: RFC5424
+      name: remote-elasticsearch
+      type: elasticsearch
+      url: 'remote.example.org:9200'
+  pipelines:
+    - inputRefs:
+        - application
+        - audit
+        - infrastructure
+      outputRefs:
+        - default
+      name: enable-default-log-store
+    - inputRefs:
+        - application
+      outputRefs:
+        - remote-elasticsearch
+      name: forward-to-remote

logging/clusterlogging.yaml

@@ -0,0 +1,27 @@
+kind: ClusterLogging
+apiVersion: logging.openshift.io/v1
+metadata:
+  name: instance
+  namespace: openshift-logging
+spec:
+  collection:
+    type: fluentd
+  logStore:
+    elasticsearch:
+      nodeCount: 3
+      redundancyPolicy: SingleRedundancy
+      resources:
+        requests:
+          memory: 2Gi
+      storage:
+        size: 200G
+        storageClassName: gp2
+    retentionPolicy:
+      application:
+        maxAge: 7d
+    type: elasticsearch
+  managementState: Managed
+  visualization:
+    kibana:
+      replicas: 1
+    type: kibana

logging/elasticsearch.yaml

@@ -0,0 +1,44 @@
+kind: Elasticsearch
+apiVersion: logging.openshift.io/v1
+metadata:
+  name: elasticsearch
+  namespace: openshift-operators-redhat
+spec:
+  indexManagement:
+    mappings:
+      - aliases:
+          - infra
+          - logs.infra
+        name: infra
+        policyRef: infra-policy
+    policies:
+      - name: infra-policy
+        phases:
+          delete:
+            minAge: 2d
+            namespaceSpec:
+              - minAge: 5h
+                namespace: openshift-monitoring
+            pruneNamespacesInterval: 24h
+          hot:
+            actions:
+              rollover:
+                maxAge: 8h
+        pollInterval: 30m
+  managementState: Managed
+  nodeSpec:
+    resources:
+      limits:
+        memory: 1Gi
+      requests:
+        cpu: 100m
+        memory: 512Mi
+  nodes:
+    - nodeCount: 1
+      roles:
+        - client
+        - data
+        - master
+      storage:
+        size: 20G
+  redundancyPolicy: ZeroRedundancy

logging/kibana.yaml

@@ -0,0 +1,14 @@
+kind: Kibana
+apiVersion: logging.openshift.io/v1
+metadata:
+  name: kibana
+  namespace: openshift-operators-redhat
+spec:
+  managementState: Managed
+  nodeSelector: {}
+  replicas: 1
+  resources:
+    limits:
+      memory: 512Mi
+    requests:
+      memory: 512Mi

logging/lokistack.yaml

@@ -0,0 +1,11 @@
+kind: LokiStack
+apiVersion: loki.grafana.com/v1
+metadata:
+  name: lokistack-sample
+  namespace: openshift-operators-redhat
+spec:
+  size: 1x.small
+  storage:
+    secret:
+      name: test
+  storageClassName: standard

logging/recordingrule.yaml

@@ -0,0 +1,17 @@
+kind: RecordingRule
+apiVersion: loki.grafana.com/v1beta1
+metadata:
+  name: recordingrule-sample
+  namespace: openshift-operators-redhat
+spec:
+  groups:
+    - interval: 10m
+      name: recording-rules-group
+      rules:
+        - expr: |
+            sum(rate({container="myservice"}[10m]))
+          record: 'myservice:requests:rate10m'
+        - expr: |
+            sum(rate({container="otherservice"}[1m]))
+          record: 'otherservice:requests:rate1m'
+  tenantID: test-tenant

logging/rulerconfig.yaml

@@ -0,0 +1,45 @@
+kind: RulerConfig
+apiVersion: loki.grafana.com/v1beta1
+metadata:
+  name: rulerconfig-sample
+  namespace: openshift-operators-redhat
+spec:
+  alertmanager:
+    discovery:
+      enableSRV: true
+      refreshInterval: 1m
+    enableV2: true
+    endpoints:
+      - 'http://alertmanager-host1.mycompany.org'
+      - 'http://alertmanager-host2.mycompany.org'
+    externalLabels:
+      environment: production
+      region: us-east-2
+    externalUrl: 'http://www.mycompany.org/alerts'
+    notificationQueue:
+      capacity: 1000
+      forGracePeriod: 10m
+      forOutageTolerance: 1h
+      resendDelay: 1m
+      timeout: 30s
+  evaluationInterval: 1m
+  pollInterval: 1m
+  remoteWrite:
+    client:
+      authorization: basic
+      authorizationSecretName: my-secret-resource
+      name: remote-write-log-metrics
+      proxyUrl: 'http://proxy-host.mycompany.org'
+      relabelConfigs:
+        - action: replace
+          regex: ALERTS.*
+          replacement: $1
+          separator: ''
+          sourceLabels:
+            - labelc
+            - labeld
+          targetLabel: labelnew
+      timeout: 30s
+      url: 'http://remote-write-host.mycompany.org'
+    enabled: true
+    refreshPeriod: 10s

snippets/cluster-logging-custom-resources.adoc

@@ -0,0 +1,129 @@
+:_content-type: SNIPPET
+
+[source,yaml]
+----
+kind: ClusterLogging
+apiVersion: logging.openshift.io/v1
+metadata:
+  name: instance
+  namespace: openshift-logging
+spec:
+  collection:
+    type: fluentd
+  logStore:
+    elasticsearch:
+      nodeCount: 3
+      redundancyPolicy: SingleRedundancy
+      resources:
+        requests:
+          memory: 2Gi
+      storage:
+        size: 200G
+        storageClassName: gp2
+    retentionPolicy:
+      application:
+        maxAge: 7d
+    type: elasticsearch
+  managementState: Managed
+  visualization:
+    kibana:
+      replicas: 1
+    type: kibana
+----
+
+[source,yaml]
+----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+  name: instance
+  namespace: openshift-logging
+spec:
+  outputs:
+    - secret:
+        name: elasticsearch
+      syslog:
+        rfc: RFC5424
+      name: remote-elasticsearch
+      type: elasticsearch
+      url: 'remote.example.org:9200'
+  pipelines:
+    - inputRefs:
+        - application
+        - audit
+        - infrastructure
+      outputRefs:
+        - default
+      name: enable-default-log-store
+    - inputRefs:
+        - application
+      outputRefs:
+        - remote-elasticsearch
+      name: forward-to-remote
+----
+
+[source,yaml]
+----
+kind: Elasticsearch
+apiVersion: logging.openshift.io/v1
+metadata:
+  name: elasticsearch
+  namespace: openshift-operators-redhat
+spec:
+  indexManagement:
+    mappings:
+      - aliases:
+          - infra
+          - logs.infra
+        name: infra
+        policyRef: infra-policy
+    policies:
+      - name: infra-policy
+        phases:
+          delete:
+            minAge: 2d
+            namespaceSpec:
+              - minAge: 5h
+                namespace: openshift-monitoring
+            pruneNamespacesInterval: 24h
+          hot:
+            actions:
+              rollover:
+                maxAge: 8h
+        pollInterval: 30m
+  managementState: Managed
+  nodeSpec:
+    resources:
+      limits:
+        memory: 1Gi
+      requests:
+        cpu: 100m
+        memory: 512Mi
+  nodes:
+    - nodeCount: 1
+      roles:
+        - client
+        - data
+        - master
+      storage:
+        size: 20G
+  redundancyPolicy: ZeroRedundancy
+----
+
+[source,yaml]
+----
+kind: Kibana
+apiVersion: logging.openshift.io/v1
+metadata:
+  name: kibana
+  namespace: openshift-operators-redhat
+spec:
+  managementState: Managed
+  nodeSelector: {}
+  replicas: 1
+  resources:
+    limits:
+      memory: 512Mi
+    requests:
+      memory: 512Mi
+----