-
Notifications
You must be signed in to change notification settings - Fork 269
/
values.yaml
437 lines (414 loc) · 14.7 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
# Configurable parameters and default values for splunk-kubernetes-logging.
# This is a YAML-formatted file.
# Declared variables will be passed into templates.
# logLevel is to set log level of the Splunk log collector. Avaiable values are:
# * trace
# * debug
# * info (default)
# * warn
# * error
logLevel:
# This is can be used to exclude verbose logs including various system and Helm/Tiller related logs.
fluentd:
# path of logfiles, default /var/log/containers/*.log
path: /var/log/containers/*.log
# paths of logfiles to exclude. object type is array as per fluentd specification:
# https://docs.fluentd.org/input/tail#exclude_path
exclude_path:
# - /var/log/containers/kube-svc-redirect*.log
# - /var/log/containers/tiller*.log
# - /var/log/containers/*_kube-system_*.log (to exclude `kube-system` namespace)
# Configurations for container logs
containers:
# Path to root directory of container logs
path: /var/log
# Final volume destination of container log symlinks
pathDest: /var/lib/docker/containers
# Log format type, "json" or "cri"
logFormatType: json
# Specify the log format for "cri" logFormatType
# It can be "%Y-%m-%dT%H:%M:%S.%N%:z" for openshift and "%Y-%m-%dT%H:%M:%S.%NZ" for IBM IKS
logFormat:
# Specify the interval of refreshing the list of watch file.
refreshInterval:
# Directory where to read journald logs. (docker daemon logs, kubelet logs, and anyother specified serivce logs)
journalLogPath: /run/log/journal
# Enriches pod log record with kubernetes data
k8sMetadata:
# Pod labels to collect
podLabels:
- app
- k8s-app
- release
# Local splunk configurations
splunk:
# Configurations for HEC (HTTP Event Collector)
hec:
# host is required and should be provided by user
host:
# port to HEC, optional, default 8088
port:
# token is required and should be provided by user
token:
# protocol has two options: "http" and "https", default is "https"
protocol:
# indexName tells which index to use, this is optional. If it's not present, will use the "main".
indexName:
# insecureSSL is a boolean, it indicates should it allow inscure SSL connection (when protocol is "https"). Default is false.
insecureSSL:
# The PEM-format CA certificate for this client.
# NOTE: The content of the certificate itself should be used here, not the file path.
# The certificate will be stored as a secret in kubernetes.
clientCert:
# The private key for this client.
# NOTE: The content of the key itself should be used here, not the file path.
# The key will be stored as a secret in kubernetes.
clientKey:
# The PEM-format CA certificate file.
# NOTE: The content of the file itself should be used here, not the file path.
# The file will be stored as a secret in kubernetes.
caFile:
# Configurations for Ingest API
ingest_api:
# serviceClientIdentifier is a string, the client identifier is used to make requests to the ingest API with authorization.
serviceClientIdentifier:
# serviceClientSecretKey is a string, the client identifier is used to make requests to the ingest API with authorization.
serviceClientSecretKey:
# tokenEndpoint is a string, it indicates which endpoint should be used to get the authorization token used to make requests to the ingest API.
tokenEndpoint:
# ingestAuthHost is a string, it indicates which url/hostname should be used to make token auth requests to the ingest API.
ingestAuthHost:
# ingestAPIHost is a string, it indicates which url/hostname should be used to make requests to the ingest API.
ingestAPIHost:
# tenant is a string, it indicates which tenant should be used to make requests to the ingest API.
tenant:
# eventsEndpoint is a string, it indicates which endpoint should be used to make requests to the ingest API.
eventsEndpoint:
# debugIngestAPI is a boolean, it indicates whether user wants to debug requests and responses to ingest API. Default is false.
debugIngestAPI:
rbac:
# Specifies whether RBAC resources should be created.
# This should be set to `false` if either:
# a) RBAC is not enabled in the cluster, or
# b) you want to create RBAC resources by yourself.
create: true
serviceAccount:
# Specifies whether a ServiceAccount should be created
create: true
# The name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template
name:
# This flag specifies if the user wants to use a secret for creating the serviceAccount,
# which will be used to get the images from a private registry
usePullSecrets: false
podSecurityPolicy:
# Specifies whether Pod Security Policy resources should be created.
# This should be set to `false` if either:
# a) Pod Security Policies is not enabled in the cluster, or
# b) you want to create Pod Security Policy resources by yourself.
create: false
# Create or use existing secret if name is empty default name is used
secret:
create: true
name:
# `logs` defines the source of logs, multiline support, and their sourcetypes.
#
# The scheme to define a log is:
#
# ```
# <name>:
# from:
# <source>
# timestampExtraction:
# regexp: "<regexp_to_extract_timestamp_from_log>"
# format: "<format_of_the_timestamp>"
# multiline:
# firstline: "<regexp_to_detect_firstline_of_multiline>"
# flushInterval 5
# sourcetype: "<sourcetype_of_logs>"
# ```
#
# = <source> =
# It supports 3 kinds of sources: journald, file, and container.
# For `journald` logs, `unit` is required for filtering using _SYSTEMD_UNIT, example:
# ```
# docker:
# from:
# journald:
# unit: docker.service
# ```
#
# For `file` logs, `path` is required for specifying where is the log files. Log files are expected in `/var/log`, example:
# ```
# docker:
# from:
# file:
# path: /var/log/docker.log
# ```
#
# For `container` logs, pod name is required. You can also provide the container name, if it's not provided, the name of this source will be used as the container name:
# ```
# kube-apiserver:
# from:
# pod: kube-apiserver
#
# etcd:
# from:
# pod: etcd-server
# container: etcd-container
# ```
#
# = timestamp =
# `timestampExtraction` defines how to extract timestamp from logs. This *only* works for `file` source.
# To use `timestampExtraction` you need to define both:
# - `regexp`: the Regular Expression used to find the timestamp from a log entry.
# The timestamp part must be in a `time` named group. E.g.
# (?<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})
# - `format`: a format string defintes how to parse the timestamp, e.g. "%Y-%m-%d %H:%M:%S".
# More details can be find: http://ruby-doc.org/stdlib-2.5.0/libdoc/time/rdoc/Time.html#method-c-strptime
#
# = multiline =
# `multiline` options provide basic multiline support. Two options:
# - `firstline`: a Regular Expression used to detect the first line of a multiline log.
# - `flushInterval`: The number of seconds after which the last received event log will be flushed, default value: 5.
#
# = sourcetype =
# sourcetype of each kind of log can be defined using the `sourcetype` field.
# If `sourcetype` is not defined, `name` will be used.
#
# ---
# Here we have some default timestampExtraction and multiline settings for kubernetes components.
# So, usually you just need to redefine the source of those components if necessary.
logs:
docker:
from:
journald:
unit: docker.service
timestampExtraction:
regexp: time="(?<time>\d{4}-\d{2}-\d{2}T[0-2]\d:[0-5]\d:[0-5]\d.\d{9}Z)"
format: "%Y-%m-%dT%H:%M:%S.%NZ"
sourcetype: kube:docker
kubelet: &glog
from:
journald:
unit: kubelet.service
timestampExtraction:
regexp: \w(?<time>[0-1]\d[0-3]\d [^\s]*)
format: "%m%d %H:%M:%S.%N"
multiline:
firstline: /^\w[0-1]\d[0-3]\d/
sourcetype: kube:kubelet
etcd:
from:
pod: etcd-server
container: etcd-container
timestampExtraction:
regexp: (?<time>\d{4}-\d{2}-\d{2} [0-2]\d:[0-5]\d:[0-5]\d\.\d{6})
format: "%Y-%m-%d %H:%M:%S.%N"
etcd-minikube:
from:
pod: etcd-minikube
container: etcd
timestampExtraction:
regexp: (?<time>\d{4}-\d{2}-\d{2} [0-2]\d:[0-5]\d:[0-5]\d\.\d{6})
format: "%Y-%m-%d %H:%M:%S.%N"
etcd-events:
from:
pod: etcd-server-events
container: etcd-container
timestampExtraction:
regexp: (?<time>\d{4}-[0-1]\d-[0-3]\d [0-2]\d:[0-5]\d:[0-5]\d\.\d{6})
format: "%Y-%m-%d %H:%M:%S.%N"
kube-apiserver:
<<: *glog
from:
pod: kube-apiserver
sourcetype: kube:kube-apiserver
kube-scheduler:
<<: *glog
from:
pod: kube-scheduler
sourcetype: kube:kube-scheduler
kube-controller-manager:
<<: *glog
from:
pod: kube-controller-manager
sourcetype: kube:kube-controller-manager
kube-proxy:
<<: *glog
from:
pod: kube-proxy
sourcetype: kube:kube-proxy
kubedns:
<<: *glog
from:
pod: kube-dns
sourcetype: kube:kubedns
dnsmasq:
<<: *glog
from:
pod: kube-dns
sourcetype: kube:dnsmasq
dns-sidecar:
<<: *glog
from:
pod: kube-dns
container: sidecar
sourcetype: kube:kubedns-sidecar
dns-controller:
<<: *glog
from:
pod: dns-controller
sourcetype: kube:dns-controller
kube-dns-autoscaler:
<<: *glog
from:
pod: kube-dns-autoscaler
container: autoscaler
sourcetype: kube:kube-dns-autoscaler
kube-audit:
from:
file:
path: /var/log/kube-apiserver-audit.log
timestampExtraction:
format: "%Y-%m-%dT%H:%M:%SZ"
sourcetype: kube:apiserver-audit
# Defines which version of image to use, and how it should be pulled.
image:
# The domain of the registry to pull the image from
registry: docker.io
# The name of the image to pull
name: splunk/fluentd-hec
# The tag of the image to pull
tag: 1.2.4
# The policy that specifies when the user wants the images to be pulled
pullPolicy: Always
# Indicates if the image should be pulled using authentication from a secret
usePullSecret: false
# The name of the pull secret to attach to the respective serviceaccount used to pull the image
pullsecretName:
# Controls the resources used by the fluentd daemonset
resources:
# limits:
# cpu: 100m
# memory: 200Mi
requests:
cpu: 100m
memory: 200Mi
# Controls the output buffer for the fluentd daemonset
# Note that, for memory buffer, if `resources.limits.memory` is set,
# the total buffer size should not bigger than the memory limit, it should also
# consider the basic memory usage by fluentd itself.
# All buffer parameters (except Argument) defined in
# https://docs.fluentd.org/v1.0/articles/buffer-section#parameters
# can be configured here.
buffer:
"@type": memory
total_limit_size: 600m
chunk_limit_size: 20m
chunk_limit_records: 100000
flush_interval: 5s
flush_thread_count: 1
overflow_action: block
retry_max_times: 5
retry_type: periodic
# This default tolerations allow the daemonset to be deployed on master nodes,
# so that we can also collect logs from those nodes.
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
# Defines which nodes should be selected to deploy the fluentd daemonset.
nodeSelector:
beta.kubernetes.io/os: linux
# Defines node affinity to restrict pod deployment.
affinity: {}
# Defines priorityClassName to assign a priority class to pods.
priorityClassName:
# = Kubernetes Connection Configs =
kubernetes:
# The cluster name used to tag logs. Default is cluster_name
clusterName:
# This flag specifies if the user wants to use a security context for creating the pods, which will be used to run privileged pods
# This currently applies to the logging component
securityContext: true
# List of key/value pairs for metadata purpse.
# Can be used to define things such as cloud_account_id, cloud_account_region, etc.
customMetadata:
# - name: "cloud_account_id"
# value: "1234567890"
# `customFilters` defines the custom filters to be used.
# This section can be used to define custom filters using plugins like https://github.com/splunk/fluent-plugin-jq
# Its also possible to use other filters like https://www.fluentd.org/plugins#filter
#
# The scheme to define a custom filter is:
#
# ```
# <name>:
# tag: <fluentd tag for the filter>
# type: <fluentd filter type>
# body: <definition of the fluentd filter>
# ```
#
# = fluentd tag for the filter =
# This is the fluentd tag for the record
#
# = fluentd filter type =
# This is the fluentd filter that the user wants to use for record manipulation.
#
# = definition of the fluentd filter =
# This defines the body/logic for using the filter for record manipulation.
#
# For example if you want to define a filter which sets cluster_name field to "my_awesome_cluster" you would the following filter
# <filter tail.containers.**>
# @type jq_transformer
# jq '.record.cluster_name = "my_awesome_cluster" | .record'
# </filter>
# This can be defined in the customFilters section as follows:
# ```
# customFilters:
# NamespaceSourcetypeFilter:
# tag: tail.containers.**
# type: jq_transformer
# body: jq '.record.cluster_name = "my_awesome_cluster" | .record'
# ```
customFilters: {}
#
# You can find more information on indexed fields here - http://dev.splunk.com/view/event-collector/SP-CAAAFB6
# The scheme to define an indexed field is:
#
# ```
# ["field_1", "field_2"]
# ```
#
# `indexFields` defines the fields from the fluentd record to be indexed.
# You can find more information on indexed fields here - http://dev.splunk.com/view/event-collector/SP-CAAAFB6
# The input is in the form of an array(comma separated list) of the values you want to use as indexed fields.
#
# For example if you want to define indexed fields for "field_1" and "field_2"
# you will have to define an indexFields section as follows in values.yaml file.
# ```
# indexFields: ["field_1", "field_2"]
# ```
# WARNING: The fields being used here must be available inside the fluentd record.
indexFields: []
# Global configurations
# These configurations will be used if the corresponding local configurations are not set.
# For example, if `global.logLevel` is set and `logLevel` is not set, `global.logLevel` will be used; if `logLevel` is set, it will be used regardless `global.logLevel` is set or not.
global:
logLevel: info
# If local splunk configurations are not present, the global ones will be used (if available)
splunk:
# It has exactly the same configs as splunk.hec does
hec:
host:
port: 8088
token:
protocol: https
indexName:
insecureSSL: false
clientCert:
clientKey:
caFile:
kubernetes:
clusterName: "cluster_name"
prometheus_enabled: true