diff --git a/charts/common/templates/clusterrole.yaml b/charts/common/templates/clusterrole.yaml index 7489230e..3777c82a 100644 --- a/charts/common/templates/clusterrole.yaml +++ b/charts/common/templates/clusterrole.yaml @@ -23,6 +23,7 @@ rules: - batch - discovery.k8s.io - metrics.k8s.io + - storage.k8s.io resources: - '*' verbs: diff --git a/charts/logan/templates/fluentd-daemonset.yaml b/charts/logan/templates/fluentd-daemonset.yaml index 276f2d04..6011ad06 100644 --- a/charts/logan/templates/fluentd-daemonset.yaml +++ b/charts/logan/templates/fluentd-daemonset.yaml @@ -33,6 +33,8 @@ spec: tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule {{- if $imagePullSecrets }} imagePullSecrets: - name: {{ .Values.image.imagePullSecrets }} @@ -41,6 +43,10 @@ spec: - name: {{ $resourceNamePrefix }}-fluentd image: {{ .Values.image.url }} imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }} + {{- if .Values.securityContextPriviliged }} + securityContext: + privileged: {{ .Values.securityContextPriviliged }} + {{- end}} env: - name: FLUENTD_CONF value: {{ .Values.fluentd.path }}/{{ .Values.fluentd.file }} diff --git a/charts/logan/templates/fluentd-deployment.yaml b/charts/logan/templates/fluentd-deployment.yaml index d9d5c38d..b3780753 100644 --- a/charts/logan/templates/fluentd-deployment.yaml +++ b/charts/logan/templates/fluentd-deployment.yaml @@ -38,6 +38,10 @@ spec: - name: {{ $resourceNamePrefix }}-fluentd image: {{ .Values.image.url }} imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }} + {{- if .Values.securityContextPriviliged }} + securityContext: + privileged: {{ .Values.securityContextPriviliged }} + {{- end}} env: - name: FLUENTD_CONF value: {{ .Values.fluentd.path }}/{{ .Values.fluentd.file }} diff --git a/charts/logan/values.yaml b/charts/logan/values.yaml index 33951228..ec39b97e 100644 --- a/charts/logan/values.yaml 
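Review bot: Adding `storage.k8s.io` to this rule's `apiGroups` grants the ClusterRole every resource in that group, because the rule keeps `resources: '*'`; the `verbs:` list continues outside the hunk, so the exact access is not visible here. The object types this commit adds to collection in values.yaml, `persistent_volumes` and `persistent_volume_claims`, use `api_endpoint: ""` (the core group), so nothing visible in the diff shows which storage.k8s.io resource is actually read. If only one resource is needed (storage classes, for example), a separate rule that names it with read-only verbs would keep the grant minimal, e.g. `resources: [storageclasses]` with `verbs: [get, list, watch]`.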
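Review bot: `privileged: true` is a much wider grant than the stated need of reading host log files, and the same block is added to both fluentd-daemonset.yaml and fluentd-deployment.yaml. A privileged container gets all capabilities and host device access and runs outside the usual SELinux/seccomp confinement, so if the Deployment does not read host log paths (its volumes are outside these hunks) it should not take the flag at all; for the DaemonSet a narrower setting such as specific `seLinuxOptions` or `runAsUser: 0` may be enough, which is worth confirming on the target platform. Since the block only renders when the value is truthy, writing the literal `privileged: true` avoids passing an arbitrary values string into the manifest. The key is also spelled `securityContextPriviliged`; renaming it to `securityContextPrivileged` before release avoids freezing the typo into the chart's values interface.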
+++ b/charts/logan/values.yaml @@ -67,6 +67,12 @@ kubernetesClusterID: # e.g. production-cluster kubernetesClusterName: +# -- Kubernetes Security Context priviliged flag +# By default, this is false and not required to be set in OKE cluster +# In some special Kubernetes environments like OCNE, we require this flag to be set to ture +# to allow pods to access log files. +securityContextPriviliged: false + # -- Logging Analytics OCID for OKE Cluster #ociLAEntityID: 
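Review bot: The comment on `securityContextPriviliged` does not tell an operator what enabling the flag costs, and it contains typos (`priviliged`, `ture`). Suggested wording: `# -- Run the fluentd containers as privileged (default: false; not required on OKE).` followed by `# Set to true only where pods cannot otherwise read host log files (e.g. OCNE); a privileged container has host-level access to the node.`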
@@ -294,6 +300,47 @@ fluentd: ociLALogSourceName: "Kubernetes Autoscaler Logs" # The regular expression pattern for the starting line in case of multi-line logs. multilineStartRegExp: /^\S\d{2}\d{2}\s+[^\:]+:[^\:]+:[^\.]+\.\d{0,3}/ + + # Config specific to API Server Logs Collection + kube-apiserver: + # The path to the source files. + path: /var/log/containers/kube-apiserver-*.log + # Logging Analytics log source to use for parsing and processing the logs: Kubernetes API Server Logs. + ociLALogSourceName: "Kubernetes API Server Logs" + # The regular expression pattern for the starting line in case of multi-line logs. + multilineStartRegExp: /^\S\d{2}\d{2}\s+[^\:]+:[^\:]+:[^\.]+\.\d{0,3}/ + + # Config specific to etcd Logs Collection + etcd: + # The path to the source files. + path: /var/log/containers/etcd-*.log + # Logging Analytics log source to use for parsing and processing the logs: Kubernetes etcd Logs. + ociLALogSourceName: "Kubernetes etcd Logs" + + # Config specific to kube-controller-manager Logs Collection + kube-controller-manager: + # The path to the source files. + path: /var/log/containers/kube-controller-manager-*.log + # Logging Analytics log source to use for parsing and processing the logs: Kubernetes Controller Manager Logs. + ociLALogSourceName: "Kubernetes Controller Manager Logs" + # The regular expression pattern for the starting line in case of multi-line logs. + multilineStartRegExp: /^\S\d{2}\d{2}\s+[^\:]+:[^\:]+:[^\.]+\.\d{0,3}/ + + # Config specific to kube-scheduler Logs Collection + kube-scheduler: + # The path to the source files. + path: /var/log/containers/kube-scheduler-*.log + # Logging Analytics log source to use for parsing and processing the logs: Kubernetes Scheduler Logs. + ociLALogSourceName: "Kubernetes Scheduler Logs" + # The regular expression pattern for the starting line in case of multi-line logs. 
+ multilineStartRegExp: /^\S\d{2}\d{2}\s+[^\:]+:[^\:]+:[^\.]+\.\d{0,3}/ + + # Config specific to Kubernetes Audit Logs Collection + kube-audit: + # The path to the source files. + path: /var/log/kubernetes/audit/audit* + # Logging Analytics log source to use for parsing and processing the logs: Kubernetes Audit Logs. + ociLALogSourceName: "Kubernetes Audit Logs" # Configuration for Linux System specific logs like CronLogs and SecureLogs linuxSystem: logs: @@ -375,6 +422,10 @@ fluentd: - '"/var/log/containers/csi-oci-node-*.log"' - '"/var/log/containers/proxymux-client-*.log"' - '"/var/log/containers/cluster-autoscaler-*.log"' + - '"/var/log/containers/kube-apiserver-*.log"' + - '"/var/log/containers/etcd-*.log"' + - '"/var/log/containers/kube-controller-manager-*.log"' + - '"/var/log/containers/kube-scheduler-*.log"' # -- Configuration for any custom logs which are not part of the default configuration defined in this file. # All the pod/container logs will be collected as per "genericContainerLogs" section. @@ -436,6 +487,10 @@ fluentd: api_endpoint: "" events: api_endpoint: "" + persistent_volumes: + api_endpoint: "" + persistent_volume_claims: + api_endpoint: "" daemon_sets: api_endpoint: apis/apps replica_sets:
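Review bot: The new `kube-audit` source ships `/var/log/kubernetes/audit/audit*` off the node with no comment about what those files can hold; depending on the cluster's audit policy level, audit events can include request and response bodies, so this deserves a note next to the path. Suggested comment above `kube-audit:`: `# Audit events may contain request/response bodies depending on the audit policy; restrict who can read them at the destination.` The glob `audit*` is also broader than the `*.log` patterns used for the other sources and would match rotated or compressed files in that directory if any exist, so a tighter pattern is worth considering once the actual file naming is confirmed. The enclosing `fluentd:` mapping starts and ends outside the hunk.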