summaryrefslogtreecommitdiffstats
path: root/clover/logging/install
diff options
context:
space:
mode:
Diffstat (limited to 'clover/logging/install')
-rw-r--r--clover/logging/install/elasticsearch-statefulset-service.yaml129
-rw-r--r--clover/logging/install/fluentd-daemonset-elasticsearch-rbac.yaml96
-rw-r--r--clover/logging/install/fluentd-istio.yaml40
-rw-r--r--clover/logging/install/logging-stack.yaml205
-rw-r--r--clover/logging/install/proxy-access-control-sidecar.yml32
5 files changed, 502 insertions, 0 deletions
diff --git a/clover/logging/install/elasticsearch-statefulset-service.yaml b/clover/logging/install/elasticsearch-statefulset-service.yaml
new file mode 100644
index 0000000..0fcc832
--- /dev/null
+++ b/clover/logging/install/elasticsearch-statefulset-service.yaml
@@ -0,0 +1,129 @@
+# RBAC authn and authz
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: elasticsearch-logging
+ namespace: kube-system
+ labels:
+ k8s-app: elasticsearch-logging
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: elasticsearch-logging
+ labels:
+ k8s-app: elasticsearch-logging
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - "services"
+ - "namespaces"
+ - "endpoints"
+ verbs:
+ - "get"
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ namespace: kube-system
+ name: elasticsearch-logging
+ labels:
+ k8s-app: elasticsearch-logging
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+subjects:
+- kind: ServiceAccount
+ name: elasticsearch-logging
+ namespace: kube-system
+ apiGroup: ""
+roleRef:
+ kind: ClusterRole
+ name: elasticsearch-logging
+ apiGroup: ""
+---
+# Elasticsearch deployment itself
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: elasticsearch-logging
+ namespace: kube-system
+ labels:
+ k8s-app: elasticsearch-logging
+ version: v5.6.4
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+spec:
+ serviceName: elasticsearch-logging
+ replicas: 2
+ selector:
+ matchLabels:
+ k8s-app: elasticsearch-logging
+ version: v5.6.4
+ template:
+ metadata:
+ labels:
+ k8s-app: elasticsearch-logging
+ version: v5.6.4
+ kubernetes.io/cluster-service: "true"
+ spec:
+ serviceAccountName: elasticsearch-logging
+ containers:
+ - image: k8s.gcr.io/elasticsearch:v5.6.4
+ name: elasticsearch-logging
+ resources:
+ # need more cpu upon initialization, therefore burstable class
+ limits:
+ cpu: 1000m
+ requests:
+ cpu: 100m
+ ports:
+ - containerPort: 9200
+ name: db
+ protocol: TCP
+ - containerPort: 9300
+ name: transport
+ protocol: TCP
+ volumeMounts:
+ - name: elasticsearch-logging
+ mountPath: /data
+ env:
+ - name: "NAMESPACE"
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumes:
+ - name: elasticsearch-logging
+ emptyDir: {}
+ # Elasticsearch requires vm.max_map_count to be at least 262144.
+ # If your OS already sets up this number to a higher value, feel free
+ # to remove this init container.
+ initContainers:
+ - image: alpine:3.6
+ command: ["/sbin/sysctl", "-w", "vm.max_map_count=262144"]
+ name: elasticsearch-logging-init
+ securityContext:
+ privileged: true
+---
+# Elasticsearch Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: elasticsearch-logging
+ namespace: kube-system
+ labels:
+ k8s-app: elasticsearch-logging
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+ kubernetes.io/name: "Elasticsearch"
+spec:
+ ports:
+ - port: 9200
+ protocol: TCP
+ targetPort: db
+ selector:
+ k8s-app: elasticsearch-logging
diff --git a/clover/logging/install/fluentd-daemonset-elasticsearch-rbac.yaml b/clover/logging/install/fluentd-daemonset-elasticsearch-rbac.yaml
new file mode 100644
index 0000000..8131ef5
--- /dev/null
+++ b/clover/logging/install/fluentd-daemonset-elasticsearch-rbac.yaml
@@ -0,0 +1,96 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: fluentd
+ namespace: kube-system
+
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: fluentd
+ namespace: kube-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: fluentd
+roleRef:
+ kind: ClusterRole
+ name: fluentd
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: ServiceAccount
+ name: fluentd
+ namespace: kube-system
+---
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: fluentd
+ namespace: kube-system
+ labels:
+ k8s-app: fluentd-logging
+ version: v1
+ kubernetes.io/cluster-service: "true"
+spec:
+ template:
+ metadata:
+ labels:
+ k8s-app: fluentd-logging
+ version: v1
+ kubernetes.io/cluster-service: "true"
+ spec:
+ serviceAccount: fluentd
+ serviceAccountName: fluentd
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ containers:
+ - name: fluentd
+ image: fluent/fluentd-kubernetes-daemonset:elasticsearch
+ env:
+ - name: FLUENT_ELASTICSEARCH_HOST
+ value: "elasticsearch-logging"
+ - name: FLUENT_ELASTICSEARCH_PORT
+ value: "9200"
+ - name: FLUENT_ELASTICSEARCH_SCHEME
+ value: "http"
+ # X-Pack Authentication
+ # =====================
+ - name: FLUENT_ELASTICSEARCH_USER
+ value: "elastic"
+ - name: FLUENT_ELASTICSEARCH_PASSWORD
+ value: "changeme"
+ resources:
+ limits:
+ memory: 200Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ volumeMounts:
+ - name: varlog
+ mountPath: /var/log
+ - name: varlibdockercontainers
+ mountPath: /var/lib/docker/containers
+ readOnly: true
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: varlog
+ hostPath:
+ path: /var/log
+ - name: varlibdockercontainers
+ hostPath:
+ path: /var/lib/docker/containers
diff --git a/clover/logging/install/fluentd-istio.yaml b/clover/logging/install/fluentd-istio.yaml
new file mode 100644
index 0000000..1853831
--- /dev/null
+++ b/clover/logging/install/fluentd-istio.yaml
@@ -0,0 +1,40 @@
+# Configuration for logentry instances
+apiVersion: "config.istio.io/v1alpha2"
+kind: logentry
+metadata:
+ name: newlog
+ namespace: istio-system
+spec:
+ severity: '"info"'
+ timestamp: request.time
+ variables:
+ source: source.labels["app"] | source.service | "unknown"
+ user: source.user | "unknown"
+ destination: destination.labels["app"] | destination.service | "unknown"
+ responseCode: response.code | 0
+ responseSize: response.size | 0
+ latency: response.duration | "0ms"
+ monitored_resource_type: '"UNSPECIFIED"'
+---
+# Configuration for a fluentd handler
+apiVersion: "config.istio.io/v1alpha2"
+kind: fluentd
+metadata:
+ name: handler
+ namespace: istio-system
+spec:
+ address: "fluentd-es.logging:24224"
+---
+# Rule to send logentry instances to the fluentd handler
+apiVersion: "config.istio.io/v1alpha2"
+kind: rule
+metadata:
+ name: newlogtofluentd
+ namespace: istio-system
+spec:
+ match: "true" # match for all requests
+ actions:
+ - handler: handler.fluentd
+ instances:
+ - newlog.logentry
+---
diff --git a/clover/logging/install/logging-stack.yaml b/clover/logging/install/logging-stack.yaml
new file mode 100644
index 0000000..9542496
--- /dev/null
+++ b/clover/logging/install/logging-stack.yaml
@@ -0,0 +1,205 @@
+# Logging Namespace. All below are a part of this namespace.
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: logging
+---
+# Elasticsearch Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: elasticsearch
+ namespace: logging
+ labels:
+ app: elasticsearch
+spec:
+ ports:
+ - port: 9200
+ protocol: TCP
+ targetPort: db
+ selector:
+ app: elasticsearch
+ type: NodePort
+---
+# Elasticsearch Deployment
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: elasticsearch
+ namespace: logging
+ labels:
+ app: elasticsearch
+ annotations:
+ sidecar.istio.io/inject: "false"
+spec:
+ template:
+ metadata:
+ labels:
+ app: elasticsearch
+ spec:
+ containers:
+ - image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.1.1
+ name: elasticsearch
+ resources:
+ # need more cpu upon initialization, therefore burstable class
+ limits:
+ cpu: 1000m
+ requests:
+ cpu: 100m
+ env:
+ - name: discovery.type
+ value: single-node
+ ports:
+ - containerPort: 9200
+ name: db
+ protocol: TCP
+ - containerPort: 9300
+ name: transport
+ protocol: TCP
+ volumeMounts:
+ - name: elasticsearch
+ mountPath: /data
+ volumes:
+ - name: elasticsearch
+ emptyDir: {}
+---
+# Fluentd Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: fluentd-es
+ namespace: logging
+ labels:
+ app: fluentd-es
+spec:
+ ports:
+ - name: fluentd-tcp
+ port: 24224
+ protocol: TCP
+ targetPort: 24224
+ - name: fluentd-udp
+ port: 24224
+ protocol: UDP
+ targetPort: 24224
+ selector:
+ app: fluentd-es
+---
+# Fluentd Deployment
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: fluentd-es
+ namespace: logging
+ labels:
+ app: fluentd-es
+ annotations:
+ sidecar.istio.io/inject: "false"
+spec:
+ template:
+ metadata:
+ labels:
+ app: fluentd-es
+ spec:
+ containers:
+ - name: fluentd-es
+ image: gcr.io/google-containers/fluentd-elasticsearch:v2.0.1
+ env:
+ - name: FLUENTD_ARGS
+ value: --no-supervisor -q
+ resources:
+ limits:
+ memory: 500Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/fluent/config.d
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: config-volume
+ configMap:
+ name: fluentd-es-config
+---
+# Fluentd ConfigMap, contains config files.
+kind: ConfigMap
+apiVersion: v1
+data:
+ forward.input.conf: |-
+ # Takes the messages sent over TCP
+ <source>
+ type forward
+ </source>
+ output.conf: |-
+ <match **>
+ type elasticsearch
+ log_level info
+ include_tag_key true
+ host elasticsearch
+ port 9200
+ logstash_format true
+ # Set the chunk limits.
+ buffer_chunk_limit 2M
+ buffer_queue_limit 8
+ flush_interval 5s
+ # Never wait longer than 5 minutes between retries.
+ max_retry_wait 30
+ # Disable the limit on the number of retries (retry forever).
+ disable_retry_limit
+ # Use multiple threads for processing.
+ num_threads 2
+ </match>
+metadata:
+ name: fluentd-es-config
+ namespace: logging
+---
+# Kibana Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: kibana
+ namespace: logging
+ labels:
+ app: kibana
+spec:
+ ports:
+ - port: 5601
+ protocol: TCP
+ targetPort: ui
+ selector:
+ app: kibana
+ type: NodePort
+---
+# Kibana Deployment
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: kibana
+ namespace: logging
+ labels:
+ app: kibana
+ annotations:
+ sidecar.istio.io/inject: "false"
+spec:
+ template:
+ metadata:
+ labels:
+ app: kibana
+ spec:
+ containers:
+ - name: kibana
+ image: docker.elastic.co/kibana/kibana-oss:6.1.1
+ resources:
+ # need more cpu upon initialization, therefore burstable class
+ limits:
+ cpu: 1000m
+ requests:
+ cpu: 100m
+ env:
+ - name: ELASTICSEARCH_URL
+ value: http://elasticsearch:9200
+ ports:
+ - containerPort: 5601
+ name: ui
+ protocol: TCP
+---
diff --git a/clover/logging/install/proxy-access-control-sidecar.yml b/clover/logging/install/proxy-access-control-sidecar.yml
new file mode 100644
index 0000000..833f9f7
--- /dev/null
+++ b/clover/logging/install/proxy-access-control-sidecar.yml
@@ -0,0 +1,32 @@
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: proxy-access-control
+ labels:
+ app: proxy-access-control
+spec:
+ template:
+ metadata:
+ labels:
+ app: proxy-access-control
+ spec:
+ containers:
+ - name: proxy-access-control
+ image: opnfv/clover-ns-nginx-proxy:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+# inject nginx access log streaming
+ volumeMounts:
+ - name: nginxlog
+ mountPath: /var/log/nginx
+ - name: nginx-access-log
+ image: busybox
+ args: [/bin/sh, -c, 'tail -n+1 -f /var/log/nginx/access.log']
+ volumeMounts:
+ - name: nginxlog
+ mountPath: /var/log/nginx
+ volumes:
+ - name: nginxlog
+ emptyDir: {}