Diffstat (limited to 'clover/logging')
3 files changed, 257 insertions, 0 deletions
diff --git a/clover/logging/install/elasticsearch-statefulset-service.yaml b/clover/logging/install/elasticsearch-statefulset-service.yaml
new file mode 100644
index 0000000..0fcc832
--- /dev/null
+++ b/clover/logging/install/elasticsearch-statefulset-service.yaml
@@ -0,0 +1,129 @@
+# RBAC authn and authz
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: elasticsearch-logging
+ namespace: kube-system
+ labels:
+ k8s-app: elasticsearch-logging
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: elasticsearch-logging
+ labels:
+ k8s-app: elasticsearch-logging
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - "services"
+ - "namespaces"
+ - "endpoints"
+ verbs:
+ - "get"
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ namespace: kube-system
+ name: elasticsearch-logging
+ labels:
+ k8s-app: elasticsearch-logging
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+subjects:
+- kind: ServiceAccount
+ name: elasticsearch-logging
+ namespace: kube-system
+ apiGroup: ""
+roleRef:
+ kind: ClusterRole
+ name: elasticsearch-logging
+ apiGroup: ""
+---
+# Elasticsearch deployment itself
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: elasticsearch-logging
+ namespace: kube-system
+ labels:
+ k8s-app: elasticsearch-logging
+ version: v5.6.4
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+spec:
+ serviceName: elasticsearch-logging
+ replicas: 2
+ selector:
+ matchLabels:
+ k8s-app: elasticsearch-logging
+ version: v5.6.4
+ template:
+ metadata:
+ labels:
+ k8s-app: elasticsearch-logging
+ version: v5.6.4
+ kubernetes.io/cluster-service: "true"
+ spec:
+ serviceAccountName: elasticsearch-logging
+ containers:
+ - image: k8s.gcr.io/elasticsearch:v5.6.4
+ name: elasticsearch-logging
+ resources:
+ # need more cpu upon initialization, therefore burstable class
+ limits:
+ cpu: 1000m
+ requests:
+ cpu: 100m
+ ports:
+ - containerPort: 9200
+ name: db
+ protocol: TCP
+ - containerPort: 9300
+ name: transport
+ protocol: TCP
+ volumeMounts:
+ - name: elasticsearch-logging
+ mountPath: /data
+ env:
+ - name: "NAMESPACE"
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumes:
+ - name: elasticsearch-logging
+ emptyDir: {}
+ # Elasticsearch requires vm.max_map_count to be at least 262144.
+ # If your OS already sets up this number to a higher value, feel free
+ # to remove this init container.
+ initContainers:
+ - image: alpine:3.6
+ command: ["/sbin/sysctl", "-w", "vm.max_map_count=262144"]
+ name: elasticsearch-logging-init
+ securityContext:
+ privileged: true
+---
+# Elasticsearch Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: elasticsearch-logging
+ namespace: kube-system
+ labels:
+ k8s-app: elasticsearch-logging
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+ kubernetes.io/name: "Elasticsearch"
+spec:
+ ports:
+ - port: 9200
+ protocol: TCP
+ targetPort: db
+ selector:
+ k8s-app: elasticsearch-logging
diff --git a/clover/logging/install/fluentd-daemonset-elasticsearch-rbac.yaml b/clover/logging/install/fluentd-daemonset-elasticsearch-rbac.yaml
new file mode 100644
index 0000000..8131ef5
--- /dev/null
+++ b/clover/logging/install/fluentd-daemonset-elasticsearch-rbac.yaml
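Review bot: The `elasticsearch-logging` Service publishes port 9200 to every pod in the cluster, and nothing in this file puts authentication, TLS or a NetworkPolicy in front of it, so any workload that can reach the Service could read or delete the collected logs. A NetworkPolicy that admits only the log shippers on 9200 and the Elasticsearch pods themselves on 9300 would narrow that, provided the cluster's network plugin enforces policies; a sketch follows, and any other legitimate reader would need its own rule. Separately, the init container runs `alpine:3.6` with `privileged: true` from a mutable tag, so pinning it by digest is worth considering, and `/data` on `emptyDir: {}` means the indexed logs are lost whenever a pod is rescheduled.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: elasticsearch-logging
  namespace: kube-system
spec:
  podSelector:
    matchLabels:
      k8s-app: elasticsearch-logging
  policyTypes:
    - Ingress
  ingress:
    # log shippers (label taken from the fluentd DaemonSet in this commit)
    - from:
        - podSelector:
            matchLabels:
              k8s-app: fluentd-logging
      ports:
        - protocol: TCP
          port: 9200
    # node-to-node transport between the Elasticsearch replicas
    - from:
        - podSelector:
            matchLabels:
              k8s-app: elasticsearch-logging
      ports:
        - protocol: TCP
          port: 9300
```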
@@ -0,0 +1,96 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: fluentd
+ namespace: kube-system
+
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: fluentd
+ namespace: kube-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: fluentd
+roleRef:
+ kind: ClusterRole
+ name: fluentd
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: ServiceAccount
+ name: fluentd
+ namespace: kube-system
+---
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: fluentd
+ namespace: kube-system
+ labels:
+ k8s-app: fluentd-logging
+ version: v1
+ kubernetes.io/cluster-service: "true"
+spec:
+ template:
+ metadata:
+ labels:
+ k8s-app: fluentd-logging
+ version: v1
+ kubernetes.io/cluster-service: "true"
+ spec:
+ serviceAccount: fluentd
+ serviceAccountName: fluentd
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ containers:
+ - name: fluentd
+ image: fluent/fluentd-kubernetes-daemonset:elasticsearch
+ env:
+ - name: FLUENT_ELASTICSEARCH_HOST
+ value: "elasticsearch-logging"
+ - name: FLUENT_ELASTICSEARCH_PORT
+ value: "9200"
+ - name: FLUENT_ELASTICSEARCH_SCHEME
+ value: "http"
+ # X-Pack Authentication
+ # =====================
+ - name: FLUENT_ELASTICSEARCH_USER
+ value: "elastic"
+ - name: FLUENT_ELASTICSEARCH_PASSWORD
+ value: "changeme"
+ resources:
+ limits:
+ memory: 200Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ volumeMounts:
+ - name: varlog
+ mountPath: /var/log
+ - name: varlibdockercontainers
+ mountPath: /var/lib/docker/containers
+ readOnly: true
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: varlog
+ hostPath:
+ path: /var/log
+ - name: varlibdockercontainers
+ hostPath:
+ path: /var/lib/docker/containers
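Review bot: The DaemonSet commits the Elasticsearch credentials in clear text (`FLUENT_ELASTICSEARCH_USER` = `elastic`, `FLUENT_ELASTICSEARCH_PASSWORD` = `changeme`), and these are the well-known X-Pack defaults, sent with `FLUENT_ELASTICSEARCH_SCHEME` set to `http`. If the backend has X-Pack enabled, the password should be rotated and both values read from a Secret as sketched below; if it does not, the two variables are dead configuration and are better removed than left as a template for copy-paste. The image tag `fluent/fluentd-kubernetes-daemonset:elasticsearch` is also mutable, which matters for a pod that reads `/var/log` on every node, including masters, so pinning it to a fixed version or digest is advisable.

```yaml
# … unchanged: FLUENT_ELASTICSEARCH_HOST / PORT / SCHEME …
- name: FLUENT_ELASTICSEARCH_USER
  valueFrom:
    secretKeyRef:
      name: REPLACE_WITH_SECRET_NAME  # placeholder: Secret created out of band
      key: username
- name: FLUENT_ELASTICSEARCH_PASSWORD
  valueFrom:
    secretKeyRef:
      name: REPLACE_WITH_SECRET_NAME  # placeholder
      key: password
# … unchanged: resources, volumeMounts …
```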
diff --git a/clover/logging/install/proxy-access-control-sidecar.yml b/clover/logging/install/proxy-access-control-sidecar.yml
new file mode 100644
index 0000000..833f9f7
--- /dev/null
+++ b/clover/logging/install/proxy-access-control-sidecar.yml
@@ -0,0 +1,32 @@
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: proxy-access-control
+ labels:
+ app: proxy-access-control
+spec:
+ template:
+ metadata:
+ labels:
+ app: proxy-access-control
+ spec:
+ containers:
+ - name: proxy-access-control
+ image: opnfv/clover-ns-nginx-proxy:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+# inject nginx access log streaming
+ volumeMounts:
+ - name: nginxlog
+ mountPath: /var/log/nginx
+ - name: nginx-access-log
+ image: busybox
+ args: [/bin/sh, -c, 'tail -n+1 -f /var/log/nginx/access.log']
+ volumeMounts:
+ - name: nginxlog
+ mountPath: /var/log/nginx
+ volumes:
+ - name: nginxlog
+ emptyDir: {} |
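Review bot: Both containers are pulled by mutable reference, `opnfv/clover-ns-nginx-proxy:latest` and an untagged `busybox`, so a pod restart can run different code from what was reviewed; pin each to a fixed tag or digest, e.g. `image: busybox:<pinned-tag>` (placeholder). The `nginx-access-log` sidecar only tails the file, so its `nginxlog` mount can carry `readOnly: true`. The `nginxlog` emptyDir has no `sizeLimit` and nothing visible here rotates `access.log`, so bounding the volume would keep a busy proxy from filling the node's disk.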