


zhanglei 60d82d963d
修改crd数据结构,支持匹配workload (#38)
Co-authored-by: lei.zhangDB <lei.zhangDB@eoitek.com>
2023-12-22 10:22:30 +08:00
ethfoo d0c2397a47
Fix: add privileged when runtime is containerd (#37) 2023-07-31 15:09:34 +08:00
ziyu-zhao 67ebbaec78
modify logconfig/clusterlogconfig queue (#29) 2023-07-19 16:46:27 +08:00
wchy1001 7da7444655
Mount the whole /run directory to container (#34)
When containerd's runtime is kata, we need to mount the /run directory
into the container

depend on: https://github.com/loggie-io/loggie/pull/554

Co-authored-by: wuchunyang <wchy1001@gmail.com>
2023-06-08 10:11:21 +08:00
ethfoo bfffba6a07
Feat: upgrade loggie version to v1.4.0 (#33) 2023-03-07 14:48:29 +08:00
ethfoo 3081dbdfda
Feat: add loggie operator helm chart (#32) 2023-02-27 17:47:23 +08:00
ethfoo e30a51cf55
Feat: upgrade version to v1.4.0-rc.0; update clusterrole (#31) 2023-02-22 15:57:27 +08:00
ethfoo 5f8b05a76d
Update values.yaml (#27) 2023-01-04 16:14:22 +08:00
17 changed files with 677 additions and 89 deletions


@ -4,8 +4,8 @@ name: loggie
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
version: v1.3.0
version: v1.4.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application.
appVersion: v1.3.0
appVersion: v1.4.0


@ -2,10 +2,11 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.1
creationTimestamp: null
name: clusterlogconfigs.loggie.io
spec:
conversion:
strategy: None
group: loggie.io
names:
kind: ClusterLogConfig
@ -16,92 +17,123 @@ spec:
singular: clusterlogconfig
scope: Cluster
versions:
- name: v1beta1
additionalPrinterColumns:
- description: select pods
jsonPath: .spec.selector.labelSelector
name: Pod Selector
type: string
- description: select nodes
jsonPath: .spec.selector.nodeSelector
name: Node Selector
type: string
- description: select cluster
jsonPath: .spec.selector.cluster
name: Cluster
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
- name: v1beta1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
pipeline:
properties:
interceptorRef:
type: string
interceptors:
type: string
name:
type: string
sink:
type: string
sinkRef:
type: string
sources:
type: string
type: object
selector:
properties:
cluster:
type: string
labelSelector:
additionalProperties:
type: string
metadata:
type: object
spec:
properties:
pipeline:
properties:
interceptorRef:
type: string
type: object
nodeSelector:
additionalProperties:
interceptors:
type: string
type: object
type:
type: string
type: object
type: object
status:
properties:
message:
properties:
lastTransitionTime:
type: string
observedGeneration:
format: int64
type: integer
reason:
type: string
type: object
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
name:
type: string
sink:
type: string
sinkRef:
type: string
sources:
type: string
type: object
selector:
properties:
cluster:
type: string
eoiPodSelector:
items:
properties:
expr:
type: string
key:
type: string
value:
items:
type: string
type: array
type: object
type: array
excludeNamespaceSelector:
items:
type: string
type: array
labelSelector:
additionalProperties:
type: string
type: object
namespaceSelector:
items:
type: string
type: array
nodeSelector:
additionalProperties:
type: string
type: object
type:
type: string
workload_selector:
items:
properties:
excludeNamespaceSelector:
items:
type: string
type: array
nameSelector:
items:
type: string
type: array
namespaceSelector:
items:
type: string
type: array
type:
items:
type: string
type: array
type: object
type: array
type: object
type: object
status:
properties:
message:
properties:
lastTransitionTime:
type: string
observedGeneration:
format: int64
type: integer
reason:
type: string
type: object
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
@ -161,6 +193,8 @@ spec:
type: string
sources:
type: string
queue:
type: string
type: object
selector:
properties:
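Review bot: The new `workload_selector` field breaks the camelCase convention every sibling key in this schema follows (`labelSelector`, `nodeSelector`, `namespaceSelector`, `eoiPodSelector`); Kubernetes API fields are camelCase, and because the CRD declares `conversion: strategy: None` the name cannot be changed later without a breaking version bump, so it should become `workloadSelector` before this ships. None of the added selector fields carries a `description`, which is what `kubectl explain` shows users, e.g. `description: Selects workloads (by type, name and namespace) whose pods are matched.` under `workloadSelector`. The old `additionalPrinterColumns` block appears to have been dropped from the new side rather than updated, so `kubectl get clusterlogconfigs` loses its Pod/Node/Cluster selector columns — if that is unintentional, keep them. `eoiPodSelector` looks vendor-specific; consider a neutral name if this CRD is meant for general use. The `spec:` mapping these hunks edit starts before the first hunk.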


@ -44,6 +44,12 @@ spec:
name: loggie
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- if eq .Values.config.loggie.discovery.kubernetes.rootFsCollectionEnabled true }}
{{- if eq .Values.config.loggie.discovery.kubernetes.containerRuntime "containerd" }}
securityContext:
privileged: true
{{- end }}
{{- end }}
volumeMounts:
{{- if .Values.extraVolumeMounts }}
{{ toYaml .Values.extraVolumeMounts | nindent 12}}
@ -64,8 +70,9 @@ spec:
name: docker
{{- end }}
{{- if eq .Values.config.loggie.discovery.kubernetes.containerRuntime "containerd" }}
- mountPath: /run/containerd/containerd.sock
name: containerdsocket
- mountPath: /run/
mountPropagation: HostToContainer
name: hostrun
{{- end }}
{{- end }}
@ -103,9 +110,9 @@ spec:
{{- end }}
{{- if eq .Values.config.loggie.discovery.kubernetes.containerRuntime "containerd" }}
- hostPath:
path: /run/containerd/containerd.sock
path: /run
type: ""
name: containerdsocket
name: hostrun
{{- end }}
{{- end }}
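Review bot: The new `hostrun` volume mounts the entire host `/run` read-write into the agent where the old mount exposed only `containerd.sock`; `/run` also holds other runtime and system sockets and state, so the mount should at least carry `readOnly: true` (a Unix socket can still be connected to through a read-only bind mount), and the `hostPath` should declare `type: Directory` instead of `type: ""` so a missing `/run` fails loudly rather than being created on the host. Together with the `privileged: true` block in the first hunk, a compromised agent on a containerd node now holds the host's runtime sockets plus full capabilities; the commit message only needs the whole `/run` for the kata case, so consider gating the wide mount (and its `mountPropagation: HostToContainer`) on a dedicated value rather than on `containerRuntime` alone. The `eq ... rootFsCollectionEnabled true` test in the first hunk may fail at render time on Helm versions whose `eq` refuses to compare an unset (nil) value with a bool; `{{- if .Values.config.loggie.discovery.kubernetes.rootFsCollectionEnabled }}` is the safe form. The container and volumes lists these hunks edit start outside the hunks.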


@ -7,7 +7,9 @@ rules:
- apiGroups:
- ""
resources:
- replicasets
- pods
- pods/log
- nodes
verbs:
- get
@ -57,6 +59,13 @@ rules:
- get
- list
- update
- apiGroups:
- metrics.k8s.io
resources:
- pods
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
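Review bot: `replicasets` is added under `apiGroups: [""]`, but ReplicaSets live in the `apps` group, so this line grants nothing and the workload lookup it was presumably added for will be denied; move it to its own rule, `- apiGroups: [apps]` / `resources: [replicasets]` / `verbs: [get, list, watch]`. The enclosing rule starts before the first hunk, so its verb list should be checked there as well. `pods/log` cluster-wide lets the agent read every pod's logs through the API server, which a file-tailing agent should not need unless a source uses the API path — if it was only added alongside the workload matching, drop it. The `metrics.k8s.io` rule is read-only and looks fine.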


@ -1,4 +1,4 @@
image: loggieio/loggie:v1.3.0
image: loggieio/loggie:v1.4.0
resources:
limits:
@ -134,6 +134,7 @@ aggregator:
enabled: true
kubernetes:
cluster: aggregator
containerRuntime: none
http:
enabled: true
port: 9196


@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -0,0 +1,11 @@
apiVersion: v2
description: A Helm chart for Loggie Operator
name: loggie-operator
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
version: v0.1.0-rc.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application.
appVersion: v0.1.0-rc.0


@ -0,0 +1,16 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "operator.name" -}}
{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "operator.fullname" -}}
{{- $name := default .Release.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
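Review bot: `operator.fullname` doubles the release name: `$name` defaults to `.Release.Name`, so with no `nameOverride` the helper yields `<release>-<release>`; the conventional helper derives the name from `.Chart.Name` and skips the prefix when the release name already contains it. Nothing in this change references `operator.fullname` (every template uses `operator.name`), so either delete it or fix it as below. `operator.name` likewise defaults to `.Release.Name` rather than `.Chart.Name`, which is unconventional but harmless as long as every template agrees.
```gotmpl
{{- define "operator.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
```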


@ -0,0 +1,147 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: loggie-operator-cert-gen-{{ template "operator.name" . }}
namespace: {{ .Release.Namespace }}
data:
generate_cert.sh: |
#!/bin/bash
set -e
CERT_DIR="/tmp/cert"
SERVER_PORT=9443
SECRET=loggie-operator-webhook
NAMESPACE=loggie
usage() {
cat <<EOF
usage: ${0} [OPTIONS]
The following flags are required.
--hostname To deploy in Kubernetes, please use {serviceName}.{namespace}.svc;
locally, please use the IP address where the Loggie operator is running locally.
The following flags are optional.
--namespace Namespace where webhook service and secret reside. defaults: loggie
--secret Secret name for CA certificate and server certificate/key pair. defaults: loggie-webhook
--cert-dir The directory where the certificate is stored. defaults: "/tmp/cert"
--server-port Server Port. defaults: 9443
EOF
exit 1
}
while [ $# -gt 0 ]; do
case ${1} in
--hostname)
HOST_NAME="$2"
shift
;;
--namespace)
NAMESPACE="$2"
shift
;;
--secret)
SECRET="$2"
shift
;;
--cert-dir)
CERT_DIR="$2"
shift
;;
--server-port)
SERVER_PORT="$2"
shift
;;
*)
usage
;;
esac
shift
done
[ -z "${HOST_NAME}" ] && echo "ERROR: --hostname flag is required" && exit 1
mkdir -p ${CERT_DIR}
cd ${CERT_DIR}
cat > ca-config.json <<EOF
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"server": {
"usages": ["signing", "key encipherment", "server auth", "client auth"],
"expiry": "87600h"
}
}
}
}
EOF
cat > ca-csr.json <<EOF
{
"CN": "Kubernetes",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "China",
"L": "Hangzhou",
"O": "Kubernetes",
"OU": "Kubernetes",
"ST": "Oregon"
}
]
}
EOF
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
cat > server-csr.json <<EOF
{
"CN": "admission",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "China",
"L": "Hangzhou",
"O": "Kubernetes",
"OU": "Kubernetes",
"ST": "Oregon"
}
]
}
EOF
cfssl gencert \
-ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-hostname=${HOST_NAME} \
-profile=server \
server-csr.json | cfssljson -bare server
# create the secret with CA cert and server cert/key
kubectl create secret tls "${SECRET}" \
--key="${CERT_DIR}/server-key.pem" \
--cert="${CERT_DIR}/server.pem" \
--dry-run=client -o yaml |
kubectl -n "${NAMESPACE}" apply -f -
while true; do
echo "INFO: Trying to patch webhook adding the caBundle."
if kubectl patch "${kind:-mutatingwebhookconfiguration}" 'loggie-operator-webhook-{{ template "operator.name" . }}' --type='json' -p "[{'op': 'add', 'path': '/webhooks/0/clientConfig/caBundle', 'value':'$(cat ca.pem | base64 -w0)'}]"; then
break
fi
echo "INFO: webhook not patched. Retrying in 5s..."
sleep 5
done
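Review bot: `set -e` alone does not catch a failed `cfssl gencert` in the `cfssl ... | cfssljson -bare ca` pipelines (only `cfssljson`'s exit status counts), so a broken CA step would continue into secret creation with missing files; change the header to `set -eo pipefail` (the script is `#!/bin/bash`, so `pipefail` is available). The `while true` patch loop has no attempt cap, so a pod that never finds the MutatingWebhookConfiguration runs forever instead of failing and letting the Job's `backoffLimit` apply — count attempts and `exit 1` after a bounded number. `${kind:-mutatingwebhookconfiguration}` reads an environment variable nothing sets; hard-code the kind or document the override. The `usage` text says `--secret` defaults to `loggie-webhook` while `SECRET` is initialised to `loggie-operator-webhook`; fix the help text. Both CA and server certificate get `87600h` (10 years) with no rotation path, which at minimum deserves a comment such as `# CA and server cert are valid for 10 years; re-run the cert-setup Job to rotate`.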


@ -0,0 +1,55 @@
apiVersion: batch/v1
kind: Job
metadata:
name: loggie-operator-webhook-cert-setup-{{ template "operator.name" . }}
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": post-install
"helm.sh/hook-delete-policy": before-hook-creation
spec:
template:
spec:
serviceAccountName: loggie-operator-cert-{{ template "operator.name" . }}
containers:
- name: webhook-cert-setup
env:
- name: TZ
value: {{ .Values.timezone }}
image: {{ .Values.image.certSetup }}
command: ["./opt/generate_cert.sh"]
args:
- "--hostname"
- {{ template "operator.name" . }}.{{ .Release.Namespace }}.svc
- "--namespace"
- {{ .Release.Namespace }}
- "--secret"
- loggie-operator-webhook-{{ template "operator.name" . }}
volumeMounts:
- name: gen-cert
mountPath: /opt/generate_cert.sh
subPath: generate_cert.sh
resources:
limits:
cpu: 1
memory: 100Mi
requests:
cpu: 0.5
memory: 50Mi
restartPolicy: OnFailure
volumes:
- name: gen-cert
configMap:
name: loggie-operator-cert-gen-{{ template "operator.name" . }}
items:
- key: generate_cert.sh
path: generate_cert.sh
mode: 0755
nodeSelector:
{{- toYaml .Values.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.tolerations | nindent 8 }}
backoffLimit: 3
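Review bot: The hook runs only on `post-install`, but the MutatingWebhookConfiguration is a regular chart resource that `helm upgrade` rewrites without the `caBundle` this Job patches in, so after the first upgrade the API server will no longer trust the webhook (silently, given its `failurePolicy: Ignore`); use `"helm.sh/hook": post-install,post-upgrade` or manage the caBundle another way. `command: ["./opt/generate_cert.sh"]` is a relative path and only works if the image's working directory is `/`; use the absolute `/opt/generate_cert.sh` that matches the `mountPath`. `value: {{ .Values.timezone }}` is an unquoted templated scalar and should be `value: "{{ .Values.timezone }}"` so an empty value renders as an empty string rather than `null`. `mode: 0755` is parsed as octal 493 by Helm's YAML parser, which is what Kubernetes expects, but `0o755` makes the intent explicit.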


@ -0,0 +1,37 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: loggie-operator-webhook-{{ template "operator.name" . }}
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
namespace: {{ .Release.Namespace }}
name: {{ template "operator.name" . }}
path: /mutate-inject-sidecar
port: 9443
failurePolicy: Ignore
matchPolicy: Equivalent
name: sidecar-injector-webhook.loggie.io
namespaceSelector: {}
objectSelector:
matchExpressions:
- key: sidecar.loggie.io/inject
operator: NotIn
values:
- "false"
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- pods
scope: '*'
sideEffects: None
timeoutSeconds: 3
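Review bot: `namespaceSelector: {}` combined with the `NotIn ["false"]` object selector routes every pod CREATE/UPDATE in every namespace, including `kube-system` and the operator's own namespace, through this webhook; with `failurePolicy: Ignore` that is availability-safe, but it adds up to `timeoutSeconds: 3` to every pod admission while the operator is unavailable, so either make injection opt-in (`operator: In` with `values: ["true"]`) or exclude system namespaces via `namespaceSelector`. `clientConfig` has no `caBundle` and a reader has to find the cert-setup Job to learn why; add `# caBundle is patched in after install by the webhook-cert-setup Job` above `clientConfig`. `scope: '*'` can be `Namespaced`, since pods are namespaced.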


@ -0,0 +1,33 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: loggie-operator-cert-role-{{ template "operator.name" . }}
rules:
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["mutatingwebhookconfigurations"]
verbs: ["create", "update", "get", "list", "patch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["create", "update", "get", "list", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: loggie-operator-cert-rolebinding-{{ template "operator.name" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: loggie-operator-cert-role-{{ template "operator.name" . }}
subjects:
- kind: ServiceAccount
name: loggie-operator-cert-{{ template "operator.name" . }}
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: loggie-operator-cert-{{ template "operator.name" . }}
namespace: {{ .Release.Namespace }}
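Review bot: The `loggie-operator-cert-role` ClusterRole grants `secrets` `get`/`list`/`create`/`update`/`patch` in every namespace, but the Job only writes one TLS secret in `.Release.Namespace` (the cert-gen script applies it with `kubectl -n "${NAMESPACE}"`), so a compromise of this service account can read all secrets cluster-wide; move the secrets rule into a namespaced Role/RoleBinding and keep only the `mutatingwebhookconfigurations` rule cluster-scoped. The `list` verb on both resources is not used by the script (`kubectl apply` and `kubectl patch` need get/create/patch) and can go. `resourceNames` could further pin the webhook rule for `get`/`update`/`patch`, leaving `create` unrestricted because resourceNames cannot apply to it. The proposed resource names below are constructed for illustration.
```yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: loggie-operator-cert-role-{{ template "operator.name" . }}
rules:
  - apiGroups: ["admissionregistration.k8s.io"]
    resources: ["mutatingwebhookconfigurations"]
    verbs: ["create", "update", "get", "patch"]
# … unchanged: ClusterRoleBinding and ServiceAccount …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: loggie-operator-cert-secret-role-{{ template "operator.name" . }}
  namespace: {{ .Release.Namespace }}
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create", "update", "get", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: loggie-operator-cert-secret-rolebinding-{{ template "operator.name" . }}
  namespace: {{ .Release.Namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: loggie-operator-cert-secret-role-{{ template "operator.name" . }}
subjects:
  - kind: ServiceAccount
    name: loggie-operator-cert-{{ template "operator.name" . }}
    namespace: {{ .Release.Namespace }}
```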


@ -0,0 +1,9 @@
---
apiVersion: v1
data:
config.yml: |
{{- toYaml .Values.config | nindent 4 }}
kind: ConfigMap
metadata:
name: loggie-operator-config-{{ template "operator.name" . }}
namespace: {{ .Release.Namespace }}


@ -0,0 +1,53 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: loggie-operator
name: {{ template "operator.name" . }}
namespace: {{ .Release.Namespace }}
spec:
replicas: {{ .Values.replicas }}
selector:
matchLabels:
app: loggie-operator
template:
metadata:
labels:
app: loggie-operator
spec:
containers:
- args:
- -cert-dir=/tmp/cert
- -config-path=/etc/config.yml
- -leader-elect=true
{{- range $key, $value := .Values.extraArgs }}
- -{{ $key }}={{ $value }}
{{- end }}
image: {{ .Values.image.operator }}
env:
- name: TZ
value: {{ .Values.timezone }}
name: operator
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- mountPath: /etc/config.yml
name: config
subPath: config.yml
- name: cert
mountPath: "/tmp/cert"
nodeSelector:
{{- toYaml .Values.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.tolerations | nindent 8 }}
serviceAccountName: loggie-operator-{{ template "operator.name" . }}
volumes:
- name: config
configMap:
name: loggie-operator-config-{{ template "operator.name" . }}
- name: cert
secret:
secretName: loggie-operator-webhook-{{ template "operator.name" . }}
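Review bot: The pod mounts the `loggie-operator-webhook-*` secret that is only created by the post-install cert-setup Job, so the Deployment cannot become ready before the hook runs; if I read Helm's hook ordering right, `helm install --wait` waits for readiness before running post-install hooks and would deadlock here — confirm the install path, or make the cert Job a pre-install hook together with the ConfigMap and RBAC it depends on. The operator container has no `securityContext`; for a component holding the webhook's private key add `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities: {drop: [ALL]}}` (the image must support a non-root user — verify). Changes to the config ConfigMap do not restart the pod; a `checksum/config` pod annotation computed over the rendered ConfigMap template is the usual fix. `value: {{ .Values.timezone }}` should be quoted, as it is a templated scalar.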


@ -0,0 +1,80 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: loggie-operator-role-{{ template "operator.name" . }}
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- events
verbs:
- get
- watch
- list
- update
- create
- patch
- apiGroups:
- extensions
- apps
resources:
- deployments
verbs:
- get
- list
- watch
- patch
- apiGroups:
- loggie.io
resources:
- logconfigs
- logconfigs/status
- clusterlogconfigs
- clusterlogconfigs/status
- sinks
- interceptors
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- list
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: loggie-operator-rolebinding-{{ template "operator.name" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: loggie-operator-role-{{ template "operator.name" . }}
subjects:
- kind: ServiceAccount
name: loggie-operator-{{ template "operator.name" . }}
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: loggie-operator-{{ template "operator.name" . }}
namespace: {{ .Release.Namespace }}
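Review bot: The `deployments` rule lists `extensions` alongside `apps`, but Deployments were removed from the `extensions` group in Kubernetes 1.16, so that entry is dead on current clusters and only widens the rule on old ones; keep `apps` alone. The `loggie.io` rule carries `update`/`patch` on `sinks` and `interceptors`; if the operator only reads them (nothing visible here shows otherwise), trim those to `get`/`list`/`watch`. A one-line comment such as `# leases: leader election (-leader-elect=true in the Deployment)` above the `coordination.k8s.io` rule would explain why a log operator needs it.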


@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
labels:
app: loggie-operator
name: {{ template "operator.name" . }}
namespace: {{ .Release.Namespace }}
spec:
ports:
- name: operator
port: 9443
targetPort: 9443
selector:
app: loggie-operator
type: ClusterIP


@ -0,0 +1,58 @@
image:
certSetup: loggieio/operator-webhook-cert-setup:v1.0.0
operator: docker.io/loggieio/loggie-operator:main-0af197d
resources:
limits:
cpu: 2
memory: 2Gi
requests:
cpu: 100m
memory: 100Mi
extraArgs: {}
timezone: Asia/Shanghai
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
nodeSelector: {}
## Affinity for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - loggie
# topologyKey: "kubernetes.io/hostname"
## Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
# - effect: NoExecute
# operator: Exists
# - effect: NoSchedule
# operator: Exists
## operator config content
config:
sidecar:
enabled: true
image: loggieio/loggie:main-1a321f3
systemConfig: |
loggie:
monitor:
logger:
period: 30s
enabled: true
listeners:
filesource: ~
reload: ~
sink: ~
queue: ~
http:
enabled: true