-
Notifications
You must be signed in to change notification settings - Fork 269
/
values.yaml
297 lines (280 loc) · 10 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
# Default values for splunk-kubernetes-objects.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# = Log Level =
# logLevel is to set log level of the object collector. Avaiable values are:
# * trace
# * debug
# * info
# * warn
# * error
#
# Default value: "info"
logLevel:
rbac:
# Specifies whether RBAC resources should be created.
# This should be set to `false` if either:
# a) RBAC is not enabled in the cluster, or
# b) you want to create RBAC resources by yourself.
create: true
serviceAccount:
# Specifies whether a ServiceAccount should be created
create: true
# The name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template
name:
# This flag specifies if the user wants to use a secret for creating the serviceAccount,
# which will be used to get the images from a private registry
usePullSecrets: false
podSecurityPolicy:
# Specifies whether Pod Security Policy resources should be created.
# This should be set to `false` if either:
# a) Pod Security Policies is not enabled in the cluster, or
# b) you want to create Pod Security Policy resources by yourself.
create: false
# = Kubernetes Connection Configs =
kubernetes:
# the URL for calling kubernetes API, by default it will be read from the environment variables
url:
# if insecureSSL is set to true, insecure HTTPS API call is allowed, default false
insecureSSL: false
# Path to the certificate file for this client.
clientCert:
# Path to the private key file for this client.
clientKey:
# Path to the CA file.
caFile:
# Path to the file contains the API token. By default it reads from the file "token" in the `secret_dir`.
bearerTokenFile:
# Path of the location where pod's service account's credentials are stored. Usually you don't need to care about this config, the default value should work in most cases.
secretDir:
# The cluster name used to tag cluster metrics from the aggregator. Default is cluster_name
clusterName:
# = Object Lists =
# NOTE: at least one object must be provided.
#
# == Schema ==
# ```
# objects:
# <apiGroup>:
# <apiVersion>:
# - <objectDefinition>
# ```
#
# Each `objectDefinition` has the following fields:
# * mode:
# define in which way it collects this type of object, either "poll" or "watch".
# - "poll" mode will read all objects of this type use the list API at an interval.
# - "watch" mode will setup a long connection using the watch API to just get updates.
# * name: [REQUIRED]
# name of the object, e.g. `pods`, `namespaces`.
# Note that for resource names that contains multiple words, like `daemonsets`,
# words need to be separated with `_`, so `daemonsets` becomes `daemon_sets`.
# * namespace:
# only collects objects from the specified namespace, by default it's all namespaces
# * labelSelector:
# select objects by label(s)
# * fieldSelector:
# select objects by field(s)
# * interval:
# the interval at which object is pulled, default 15 minutes.
# Only useful for "poll" mode.
#
# == Example ==
# ```
# objects:
# core:
# v1:
# - name: pods
# namespace: default
# mode: pull
# interval: 60m
# - name: events
# mode: watch
# apps:
# v1:
# - name: daemon_sets
# labelSelector: environment=production
# ```
objects:
core:
v1:
- name: pods
- name: namespaces
- name: nodes
- name: events
mode: watch
# = Checkpoint Configs =
# defines the checkpoint file used for saving the resourceVersion of watched objects,
# so that when the fluentd pod restarts, it will continue from where it stopped.
# NOTE: since kubernetes has its own cache limit, if the fluentd pod has stopped for a long time,
# it might not be able to start watch from the checkpoint.
checkpointFile:
# the name of the checkpoint file.
name: kubernetes-objects.pos
# volume is a kubernetes volume configuration object. The volume has to be a directory, not a file.
# If volume is not defined, no checkpoint file will be used.
# For example, if you want to use hostpath, the it should look like this:
#
# checkpointFile:
# volume:
# hostPath:
# path: /var/data
# type: Directory
volume:
# = Configure Splunk HEC connection =
splunk:
hec:
# host to the HEC endpoint [REQUIRED]
host:
# token for the HEC [REQUIRED]
token:
# protocol has two options: "http" and "https". Default value: "https"
protocol:
# indexName tells which index to use, this is optional. If it's not present, the default index configured in HEC will be used.
indexName:
# insecureSSL is a boolean, it indecates should it allow inscure SSL connection (when protocol is "https"). Default value: false.
insecureSSL:
# The *content* of a PEM-format CA certificate for this client.
clientCert:
# The *content* of the private key for this client.
clientKey:
# The *content* of a PEM-format CA certificate.
caFile:
# The path to a directory containing CA certificates which are in PEM format.
caPath:
# indexRouting is a boolean, it indicates whether user wants to route logs to the index with name specified by the user using customFilters. Default is false.
# If you want to use this feature you will have to set the index key for the record using customFilters.
# For example,
# customFilters:
# SetIndexFilter:
# tag: tail.containers.**
# type: jq_transformer
# body: jq '.record.index = "my_awesome_index" | .record'
indexRouting:
# Create or use existing secret if name is empty default name is used
secret:
create: true
name:
# Defines which version of image to use, and how it should be pulled.
image:
# The domain of the registry to pull the image from
registry: docker.io
# The name of the image to pull
name: splunk/kube-objects
# The tag of the image to pull
tag: 1.1.4
# The policy that specifies when the user wants the images to be pulled
pullPolicy: Always
# Indicates if the image should be pulled using authentication from a secret
usePullSecret: false
# The name of the pull secret to attach to the respective serviceaccount used to pull the image
pullSecretName:
# = Resoruce Limitation Configs =
resources:
# limits:
# cpu: 100m
# memory: 200Mi
requests:
cpu: 100m
memory: 200Mi
# Controls the output buffer for the fluentd daemonset
# Note that, for memory buffer, if `resources.limits.memory` is set,
# the total buffer size should not bigger than the memory limit, it should also
# consider the basic memory usage by fluentd itself.
# All buffer parameters (except Argument) defined in
# https://docs.fluentd.org/v1.0/articles/buffer-section#parameters
# can be configured here.
buffer:
"@type": memory
total_limit_size: 600m
chunk_limit_size: 200m
chunk_limit_records: 10000
flush_interval: 3s
flush_thread_count: 1
overflow_action: block
retry_max_times: 3
# Defines which nodes should be selected to deploy the fluentd daemonset.
nodeSelector:
beta.kubernetes.io/os: linux
# This default tolerations allow the daemonset to be deployed on master nodes,
# so that we can also collect metrics from those nodes.
tolerations: []
# Defines node affinity to restrict pod deployment.
affinity: {}
# `customFilters` defines the custom filters to be used.
# This section can be used to define custom filters using plugins like https://github.com/splunk/fluent-plugin-jq
# Its also possible to use other filters like https://www.fluentd.org/plugins#filter
#
# The scheme to define a custom filter is:
#
# ```
# <name>:
# tag: <fluentd tag for the filter>
# type: <fluentd filter type>
# body: <definition of the fluentd filter>
# ```
#
# = fluentd tag for the filter =
# This is the fluentd tag for the record
#
# = fluentd filter type =
# This is the fluentd filter that the user wants to use for record manipulation.
#
# = definition of the fluentd filter =
# This defines the body/logic for using the filter for record manipulation.
#
# For example if you want to define a filter which sets cluster_name field to "my_awesome_cluster" you would the following filter
# <filter tail.containers.**>
# @type jq_transformer
# jq '.record.cluster_name = "my_awesome_cluster" | .record'
# </filter>
# This can be defined in the customFilters section as follows:
# ```
# customFilters:
# NamespaceSourcetypeFilter:
# tag: tail.containers.**
# type: jq_transformer
# body: jq '.record.cluster_name = "my_awesome_cluster" | .record'
# ```
customFilters: {}
#
# You can find more information on indexed fields here - http://dev.splunk.com/view/event-collector/SP-CAAAFB6
# The scheme to define an indexed field is:
#
# ```
# ["field_1", "field_2"]
# ```
#
# `indexFields` defines the fields from the fluentd record to be indexed.
# You can find more information on indexed fields here - http://dev.splunk.com/view/event-collector/SP-CAAAFB6
# The input is in the form of an array(comma separated list) of the values you want to use as indexed fields.
#
# For example if you want to define indexed fields for "field_1" and "field_2"
# you will have to define an indexFields section as follows in values.yaml file.
# ```
# indexFields: ["field_1", "field_2"]
# ```
# WARNING: The fields being used here must be available inside the fluentd record.
indexFields: []
# Global configurations
# These configurations will be used if the corresponding local configurations are not set.
# For example, if `global.logLevel` is set and `logLevel` is not set, `global.logLevel` will be used; if `logLevel` is set, it will be used regardless `global.logLevel` is set or not.
global:
logLevel: info
# If local splunk configurations are not present, the global ones will be used (if available)
splunk:
# It has exactly the same configs as splunk.hec does
hec:
host:
port: 8088
token:
protocol: https
indexName:
insecureSSL: false
clientCert:
clientKey:
caFile:
kubernetes:
clusterName: "cluster_name"
prometheus_enabled: true