

8 Commits

zhanglei 60d82d963d
修改crd数据结构,支持匹配workload (#38)
Co-authored-by: lei.zhangDB <lei.zhangDB@eoitek.com>
2023-12-22 10:22:30 +08:00
ethfoo d0c2397a47
Fix: add privileged when runtime is containerd (#37) 2023-07-31 15:09:34 +08:00
ziyu-zhao 67ebbaec78
modify logconfig/clusterlogconfig queue (#29) 2023-07-19 16:46:27 +08:00
wchy1001 7da7444655
Mount the whole /run directory to container (#34)
When containerd's runtime is kata, we need to mount the whole /run directory
into the container

depend on: https://github.com/loggie-io/loggie/pull/554

Co-authored-by: wuchunyang <wchy1001@gmail.com>
2023-06-08 10:11:21 +08:00
ethfoo bfffba6a07
Feat: upgrade loggie version to v1.4.0 (#33) 2023-03-07 14:48:29 +08:00
ethfoo 3081dbdfda
Feat: add loggie operator helm chart (#32) 2023-02-27 17:47:23 +08:00
ethfoo e30a51cf55
Feat: upgrade version to v1.4.0-rc.0; update clusterrole (#31) 2023-02-22 15:57:27 +08:00
ethfoo 5f8b05a76d
Update values.yaml (#27) 2023-01-04 16:14:22 +08:00
17 changed files with 677 additions and 89 deletions


@ -4,8 +4,8 @@ name: loggie
type: application type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
version: v1.3.0 version: v1.4.0
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. # incremented each time you make changes to the application.
appVersion: v1.3.0 appVersion: v1.4.0


@ -2,10 +2,11 @@
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.1
creationTimestamp: null
name: clusterlogconfigs.loggie.io name: clusterlogconfigs.loggie.io
spec: spec:
conversion:
strategy: None
group: loggie.io group: loggie.io
names: names:
kind: ClusterLogConfig kind: ClusterLogConfig
@ -16,92 +17,123 @@ spec:
singular: clusterlogconfig singular: clusterlogconfig
scope: Cluster scope: Cluster
versions: versions:
- name: v1beta1 - name: v1beta1
additionalPrinterColumns: schema:
- description: select pods openAPIV3Schema:
jsonPath: .spec.selector.labelSelector properties:
name: Pod Selector apiVersion:
type: string description: 'APIVersion defines the versioned schema of this representation
- description: select nodes
jsonPath: .spec.selector.nodeSelector
name: Node Selector
type: string
- description: select cluster
jsonPath: .spec.selector.cluster
name: Cluster
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
properties: properties:
pipeline: pipeline:
properties: properties:
interceptorRef: interceptorRef:
type: string
interceptors:
type: string
name:
type: string
sink:
type: string
sinkRef:
type: string
sources:
type: string
type: object
selector:
properties:
cluster:
type: string
labelSelector:
additionalProperties:
type: string type: string
type: object interceptors:
nodeSelector:
additionalProperties:
type: string type: string
type: object name:
type: type: string
type: string sink:
type: object type: string
type: object sinkRef:
status: type: string
properties: sources:
message: type: string
properties: type: object
lastTransitionTime: selector:
type: string properties:
observedGeneration: cluster:
format: int64 type: string
type: integer eoiPodSelector:
reason: items:
type: string properties:
type: object expr:
type: object type: string
required: key:
- spec type: string
type: object value:
served: true items:
storage: true type: string
subresources: type: array
status: {} type: object
type: array
excludeNamespaceSelector:
items:
type: string
type: array
labelSelector:
additionalProperties:
type: string
type: object
namespaceSelector:
items:
type: string
type: array
nodeSelector:
additionalProperties:
type: string
type: object
type:
type: string
workload_selector:
items:
properties:
excludeNamespaceSelector:
items:
type: string
type: array
nameSelector:
items:
type: string
type: array
namespaceSelector:
items:
type: string
type: array
type:
items:
type: string
type: array
type: object
type: array
type: object
type: object
status:
properties:
message:
properties:
lastTransitionTime:
type: string
observedGeneration:
format: int64
type: integer
reason:
type: string
type: object
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
@ -161,6 +193,8 @@ spec:
type: string type: string
sources: sources:
type: string type: string
queue:
type: string
type: object type: object
selector: selector:
properties: properties:
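Review bot: The new `workload_selector` field (right-hand schema, next to `eoiPodSelector`, `namespaceSelector` and `excludeNamespaceSelector`) breaks the camelCase convention every other field in this CRD uses, and once served as `v1beta1` it cannot be renamed without a version bump; `workloadSelector:` would match the rest of the API. The rewrite also drops the `additionalPrinterColumns` block (Pod Selector / Node Selector / Cluster / Age) that the old version had, so `kubectl get clusterlogconfigs` loses those columns — the commit message does not mention this, so it looks accidental. The `expr` entry of each `eoiPodSelector` item is an unconstrained string; if it is a match operator (In/NotIn/Exists…) an `enum:` on it would let the API server reject bad selectors instead of leaving that to the agent. The trailing `status:` stanza with empty `acceptedNames`/`storedVersions` is controller-gen output that the API server ignores on apply and can be removed from the chart.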


@ -44,6 +44,12 @@ spec:
name: loggie name: loggie
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
{{- if eq .Values.config.loggie.discovery.kubernetes.rootFsCollectionEnabled true }}
{{- if eq .Values.config.loggie.discovery.kubernetes.containerRuntime "containerd" }}
securityContext:
privileged: true
{{- end }}
{{- end }}
volumeMounts: volumeMounts:
{{- if .Values.extraVolumeMounts }} {{- if .Values.extraVolumeMounts }}
{{ toYaml .Values.extraVolumeMounts | nindent 12}} {{ toYaml .Values.extraVolumeMounts | nindent 12}}
@ -64,8 +70,9 @@ spec:
name: docker name: docker
{{- end }} {{- end }}
{{- if eq .Values.config.loggie.discovery.kubernetes.containerRuntime "containerd" }} {{- if eq .Values.config.loggie.discovery.kubernetes.containerRuntime "containerd" }}
- mountPath: /run/containerd/containerd.sock - mountPath: /run/
name: containerdsocket mountPropagation: HostToContainer
name: hostrun
{{- end }} {{- end }}
{{- end }} {{- end }}
@ -103,9 +110,9 @@ spec:
{{- end }} {{- end }}
{{- if eq .Values.config.loggie.discovery.kubernetes.containerRuntime "containerd" }} {{- if eq .Values.config.loggie.discovery.kubernetes.containerRuntime "containerd" }}
- hostPath: - hostPath:
path: /run/containerd/containerd.sock path: /run
type: "" type: ""
name: containerdsocket name: hostrun
{{- end }} {{- end }}
{{- end }} {{- end }}
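Review bot: Replacing the `/run/containerd/containerd.sock` mount with the whole host `/run` (hostPath `path: /run`, mounted at `/run/` with `mountPropagation: HostToContainer`) hands the agent every socket and runtime-state directory the node keeps there — container-runtime, kubelet, systemd and dbus endpoints, plus anything else a node happens to place under /run — not only the containerd API, and together with the new `privileged: true` gate the pod is effectively node root whenever `rootFsCollectionEnabled` is set with containerd. If kata only needs a few additional paths, mount those explicitly (the loggie PR this depends on should say which), or at least add `readOnly: true` to the `/run/` mount (as far as I can tell a read-only bind mount still allows connecting to the sockets) and document in values.yaml that this combination turns on privileged mode. The hostPath keeps `type: ""`, so a node without `/run` would silently get an empty directory created; `type: Directory` fails the pod visibly instead.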


@ -7,7 +7,9 @@ rules:
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- replicasets
- pods - pods
- pods/log
- nodes - nodes
verbs: verbs:
- get - get
@ -57,6 +59,13 @@ rules:
- get - get
- list - list
- update - update
- apiGroups:
- metrics.k8s.io
resources:
- pods
verbs:
- get
- list
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
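Review bot: `replicasets` is added under the core (`""`) API group, where no such resource exists — ReplicaSets live in `apps` — so this line grants nothing, and whatever resolves pod → ReplicaSet → Deployment for the new workload matching will get a 403; it needs its own rule, `- apiGroups: ["apps"]` / `resources: ["replicasets"]` / `verbs: ["get", "list", "watch"]`. `pods/log` is a cluster-wide grant to read every pod's log stream through the API server; if the agent reads container log files from the node this is unnecessary, and if it is needed it deserves a comment saying which feature uses it. The new `metrics.k8s.io` rule likewise deserves a one-line comment naming the consumer of pod metrics.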


@ -1,4 +1,4 @@
image: loggieio/loggie:v1.3.0 image: loggieio/loggie:v1.4.0
resources: resources:
limits: limits:
@ -134,6 +134,7 @@ aggregator:
enabled: true enabled: true
kubernetes: kubernetes:
cluster: aggregator cluster: aggregator
containerRuntime: none
http: http:
enabled: true enabled: true
port: 9196 port: 9196


@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -0,0 +1,11 @@
apiVersion: v2
description: A Helm chart for Loggie Operator
name: loggie-operator
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
version: v0.1.0-rc.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application.
appVersion: v0.1.0-rc.0


@ -0,0 +1,16 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "operator.name" -}}
{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "operator.fullname" -}}
{{- $name := default .Release.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
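Review bot: `operator.fullname` builds `printf "%s-%s" .Release.Name $name` where `$name` itself defaults to `.Release.Name`, so with no `nameOverride` it renders `myrelease-myrelease`; the conventional helper defaults `$name` to `.Chart.Name` and only prefixes the release name when the two differ. None of the templates in this chart use `operator.fullname` yet, so either fix it — `{{- $name := default .Chart.Name .Values.nameOverride -}}` — or remove it before something starts depending on the doubled name. `operator.name` also defaults to `.Release.Name` rather than `.Chart.Name`; that works, but since the Service name and the webhook hostname are derived from it, a comment should say that `nameOverride` must remain a valid DNS label.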


@ -0,0 +1,147 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: loggie-operator-cert-gen-{{ template "operator.name" . }}
namespace: {{ .Release.Namespace }}
data:
generate_cert.sh: |
#!/bin/bash
set -e
CERT_DIR="/tmp/cert"
SERVER_PORT=9443
SECRET=loggie-operator-webhook
NAMESPACE=loggie
usage() {
cat <<EOF
usage: ${0} [OPTIONS]
The following flags are required.
--hostname To deploy in Kubernetes, please use {serviceName}.{namespace}.svc;
locally, please use the IP address where the Loggie operator is running locally.
The following flags are optional.
--namespace Namespace where webhook service and secret reside. defaults: loggie
--secret Secret name for CA certificate and server certificate/key pair. defaults: loggie-webhook
--cert-dir The directory where the certificate is stored. defaults: "/tmp/cert"
--server-port Server Port. defaults: 9443
EOF
exit 1
}
while [ $# -gt 0 ]; do
case ${1} in
--hostname)
HOST_NAME="$2"
shift
;;
--namespace)
NAMESPACE="$2"
shift
;;
--secret)
SECRET="$2"
shift
;;
--cert-dir)
CERT_DIR="$2"
shift
;;
--server-port)
SERVER_PORT="$2"
shift
;;
*)
usage
;;
esac
shift
done
[ -z "${HOST_NAME}" ] && echo "ERROR: --hostname flag is required" && exit 1
mkdir -p ${CERT_DIR}
cd ${CERT_DIR}
cat > ca-config.json <<EOF
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"server": {
"usages": ["signing", "key encipherment", "server auth", "client auth"],
"expiry": "87600h"
}
}
}
}
EOF
cat > ca-csr.json <<EOF
{
"CN": "Kubernetes",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "China",
"L": "Hangzhou",
"O": "Kubernetes",
"OU": "Kubernetes",
"ST": "Oregon"
}
]
}
EOF
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
cat > server-csr.json <<EOF
{
"CN": "admission",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "China",
"L": "Hangzhou",
"O": "Kubernetes",
"OU": "Kubernetes",
"ST": "Oregon"
}
]
}
EOF
cfssl gencert \
-ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-hostname=${HOST_NAME} \
-profile=server \
server-csr.json | cfssljson -bare server
# create the secret with CA cert and server cert/key
kubectl create secret tls "${SECRET}" \
--key="${CERT_DIR}/server-key.pem" \
--cert="${CERT_DIR}/server.pem" \
--dry-run=client -o yaml |
kubectl -n "${NAMESPACE}" apply -f -
while true; do
echo "INFO: Trying to patch webhook adding the caBundle."
if kubectl patch "${kind:-mutatingwebhookconfiguration}" 'loggie-operator-webhook-{{ template "operator.name" . }}' --type='json' -p "[{'op': 'add', 'path': '/webhooks/0/clientConfig/caBundle', 'value':'$(cat ca.pem | base64 -w0)'}]"; then
break
fi
echo "INFO: webhook not patched. Retrying in 5s..."
sleep 5
done
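Review bot: The `server` profile in `ca-config.json` lists `"client auth"` among its usages, but this certificate is only ever presented as a TLS server to the API server, so the clientAuth EKU should be dropped. `ca-key.pem` is generated into the job container's `/tmp/cert` and discarded with it — only the leaf goes into `kubectl create secret tls` — which is fine for a self-contained bootstrap but means the `87600h` (10-year) leaf can never be re-issued without rerunning the whole Job and re-patching the caBundle; that trade-off belongs in a comment at the top of the script. The `usage()` text disagrees with the code (`--secret` "defaults: loggie-webhook" versus `SECRET=loggie-operator-webhook`), and the subject `"C": "China"` / `"ST": "Oregon"` / `"L": "Hangzhou"` is inconsistent — `C` is a two-letter code, so `"CN"`. The patch loop reads `${kind:-mutatingwebhookconfiguration}` but `kind` is never set anywhere in the script; either drop the indirection or comment that it is an intentional env override.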


@ -0,0 +1,55 @@
apiVersion: batch/v1
kind: Job
metadata:
name: loggie-operator-webhook-cert-setup-{{ template "operator.name" . }}
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": post-install
"helm.sh/hook-delete-policy": before-hook-creation
spec:
template:
spec:
serviceAccountName: loggie-operator-cert-{{ template "operator.name" . }}
containers:
- name: webhook-cert-setup
env:
- name: TZ
value: {{ .Values.timezone }}
image: {{ .Values.image.certSetup }}
command: ["./opt/generate_cert.sh"]
args:
- "--hostname"
- {{ template "operator.name" . }}.{{ .Release.Namespace }}.svc
- "--namespace"
- {{ .Release.Namespace }}
- "--secret"
- loggie-operator-webhook-{{ template "operator.name" . }}
volumeMounts:
- name: gen-cert
mountPath: /opt/generate_cert.sh
subPath: generate_cert.sh
resources:
limits:
cpu: 1
memory: 100Mi
requests:
cpu: 0.5
memory: 50Mi
restartPolicy: OnFailure
volumes:
- name: gen-cert
configMap:
name: loggie-operator-cert-gen-{{ template "operator.name" . }}
items:
- key: generate_cert.sh
path: generate_cert.sh
mode: 0755
nodeSelector:
{{- toYaml .Values.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.tolerations | nindent 8 }}
backoffLimit: 3
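Review bot: The hook is `post-install` only, so `helm upgrade` never reruns this Job; because the MutatingWebhookConfiguration template in this chart carries no `caBundle`, an upgrade re-renders the webhook without the CA the Job patched in, and with the webhook's `failurePolicy: Ignore` the API server then silently stops calling the injector — pods come up without a sidecar and nothing fails loudly. Either change the annotation to `"helm.sh/hook": post-install,post-upgrade`, or generate the CA in the template (`genCA`/`genSignedCert`) so the caBundle is rendered deterministically. The Job pod also has no `securityContext`; it only runs cfssl and kubectl, so `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` cost nothing. `command: ["./opt/generate_cert.sh"]` is a relative path that only resolves if the image's working directory is `/`; `/opt/generate_cert.sh` is what the `mountPath` actually provides.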


@ -0,0 +1,37 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: loggie-operator-webhook-{{ template "operator.name" . }}
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
namespace: {{ .Release.Namespace }}
name: {{ template "operator.name" . }}
path: /mutate-inject-sidecar
port: 9443
failurePolicy: Ignore
matchPolicy: Equivalent
name: sidecar-injector-webhook.loggie.io
namespaceSelector: {}
objectSelector:
matchExpressions:
- key: sidecar.loggie.io/inject
operator: NotIn
values:
- "false"
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- pods
scope: '*'
sideEffects: None
timeoutSeconds: 3
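Review bot: `namespaceSelector: {}` sends every pod CREATE/UPDATE in every namespace — including `kube-system` and the operator's own namespace — to the injector, and the opt-out `objectSelector` (`sidecar.loggie.io/inject NotIn ["false"]`) makes injection the default for the whole cluster; for a log-agent sidecar that is a surprising default, and it lets a restarting operator sit in the admission path of its own replacement pods (each costing the full `timeoutSeconds: 3`). Consider a `namespaceSelector` that excludes `kube-system` and the release namespace, or an opt-in `objectSelector` (`operator: In`, `values: ["true"]`). `failurePolicy: Ignore` is the right availability choice here, but it also means a broken certificate fails silently; a comment saying this is deliberate, and that missing sidecars should be diagnosed from API-server webhook metrics/logs, would help operators. `clientConfig` intentionally has no `caBundle` in the template because the cert Job patches it in — worth a comment on that line so nobody "fixes" it by re-applying the rendered config.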


@ -0,0 +1,33 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: loggie-operator-cert-role-{{ template "operator.name" . }}
rules:
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["mutatingwebhookconfigurations"]
verbs: ["create", "update", "get", "list", "patch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["create", "update", "get", "list", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: loggie-operator-cert-rolebinding-{{ template "operator.name" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: loggie-operator-cert-role-{{ template "operator.name" . }}
subjects:
- kind: ServiceAccount
name: loggie-operator-cert-{{ template "operator.name" . }}
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: loggie-operator-cert-{{ template "operator.name" . }}
namespace: {{ .Release.Namespace }}
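Review bot: The cert Job's ClusterRole grants `create/update/get/list/patch` on `secrets` in every namespace, but the script only `apply`s a single Secret in `{{ .Release.Namespace }}`; `list` on all secrets cluster-wide is a blanket credential-read right for a one-shot bootstrap job. Move the secrets rule into a namespaced `Role`/`RoleBinding` in the release namespace, restricted with `resourceNames: ["loggie-operator-webhook-{{ template "operator.name" . }}"]` for get/update/patch (with `create` in a separate rule, since `resourceNames` does not apply to create), and keep only `mutatingwebhookconfigurations` in the ClusterRole — where the script uses just `get` and `patch`. The `list` verbs on both resources are unused.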


@ -0,0 +1,9 @@
---
apiVersion: v1
data:
config.yml: |
{{- toYaml .Values.config | nindent 4 }}
kind: ConfigMap
metadata:
name: loggie-operator-config-{{ template "operator.name" . }}
namespace: {{ .Release.Namespace }}


@ -0,0 +1,53 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: loggie-operator
name: {{ template "operator.name" . }}
namespace: {{ .Release.Namespace }}
spec:
replicas: {{ .Values.replicas }}
selector:
matchLabels:
app: loggie-operator
template:
metadata:
labels:
app: loggie-operator
spec:
containers:
- args:
- -cert-dir=/tmp/cert
- -config-path=/etc/config.yml
- -leader-elect=true
{{- range $key, $value := .Values.extraArgs }}
- -{{ $key }}={{ $value }}
{{- end }}
image: {{ .Values.image.operator }}
env:
- name: TZ
value: {{ .Values.timezone }}
name: operator
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- mountPath: /etc/config.yml
name: config
subPath: config.yml
- name: cert
mountPath: "/tmp/cert"
nodeSelector:
{{- toYaml .Values.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.tolerations | nindent 8 }}
serviceAccountName: loggie-operator-{{ template "operator.name" . }}
volumes:
- name: config
configMap:
name: loggie-operator-config-{{ template "operator.name" . }}
- name: cert
secret:
secretName: loggie-operator-webhook-{{ template "operator.name" . }}
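Review bot: The operator pod has no `securityContext` and no readiness/liveness probe, although the webhook Service fronts it; the container only talks to the API server and serves TLS on 9443 from a read-only Secret mount, so `runAsNonRoot: true`, `allowPrivilegeEscalation: false`, `capabilities: {drop: [ALL]}` (and `readOnlyRootFilesystem: true`, if the operator writes nothing else to disk) are safe to add, and a `readinessProbe` on 9443 keeps the Service from routing admission calls to a replica that has not loaded its certificate yet — each such call costs the API server the webhook's full 3 s timeout. The `app: loggie-operator` pod label here does not match the commented `podAntiAffinity` example in values.yaml, which selects `app` In `loggie`, so that example would not spread operator replicas; update the example to `loggie-operator`. The default image `loggie-operator:main-0af197d` is a branch build rather than a release tag; pin it when the chart leaves `rc`.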


@ -0,0 +1,80 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: loggie-operator-role-{{ template "operator.name" . }}
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- events
verbs:
- get
- watch
- list
- update
- create
- patch
- apiGroups:
- extensions
- apps
resources:
- deployments
verbs:
- get
- list
- watch
- patch
- apiGroups:
- loggie.io
resources:
- logconfigs
- logconfigs/status
- clusterlogconfigs
- clusterlogconfigs/status
- sinks
- interceptors
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- list
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: loggie-operator-rolebinding-{{ template "operator.name" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: loggie-operator-role-{{ template "operator.name" . }}
subjects:
- kind: ServiceAccount
name: loggie-operator-{{ template "operator.name" . }}
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: loggie-operator-{{ template "operator.name" . }}
namespace: {{ .Release.Namespace }}
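Review bot: The `extensions` API group in the deployments rule has been gone since Kubernetes 1.16 (Deployments exist only in `apps` now), so it is dead weight that some policy linters flag; drop it unless the chart really targets pre-1.16 clusters, in which case say so in a comment. `patch` on every Deployment cluster-wide is the broadest right in this role — presumably used to roll workloads matched by a LogConfig so the sidecar gets injected — and deserves a one-line comment explaining why it is needed so a future reviewer neither narrows it away nor widens it further. The rest (read-only pods, leases for leader election, loggie.io CRs with status) is proportionate to what the Deployment template shows.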


@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
labels:
app: loggie-operator
name: {{ template "operator.name" . }}
namespace: {{ .Release.Namespace }}
spec:
ports:
- name: operator
port: 9443
targetPort: 9443
selector:
app: loggie-operator
type: ClusterIP


@ -0,0 +1,58 @@
image:
certSetup: loggieio/operator-webhook-cert-setup:v1.0.0
operator: docker.io/loggieio/loggie-operator:main-0af197d
resources:
limits:
cpu: 2
memory: 2Gi
requests:
cpu: 100m
memory: 100Mi
extraArgs: {}
timezone: Asia/Shanghai
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
nodeSelector: {}
## Affinity for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - loggie
# topologyKey: "kubernetes.io/hostname"
## Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
# - effect: NoExecute
# operator: Exists
# - effect: NoSchedule
# operator: Exists
## operator config content
config:
sidecar:
enabled: true
image: loggieio/loggie:main-1a321f3
systemConfig: |
loggie:
monitor:
logger:
period: 30s
enabled: true
listeners:
filesource: ~
reload: ~
sink: ~
queue: ~
http:
enabled: true