Skip to content

Commit

Permalink
Migrate collector configuration
Browse files Browse the repository at this point in the history
  • Loading branch information
DebakelOrakel committed Dec 23, 2024
1 parent 0feb230 commit 70df656
Show file tree
Hide file tree
Showing 11 changed files with 309 additions and 14 deletions.
12 changes: 3 additions & 9 deletions class/defaults.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ parameters:

namespace: openshift-logging

version: '6.0'
version: '6.1'
channel: 'stable-${openshift4_logging:version}'

components:
Expand Down Expand Up @@ -61,13 +61,8 @@ parameters:

alerts:
release: 'release-${openshift4_logging:version}'
ignore:
- ElasticsearchHighFileDescriptorUsage
- ElasticsearchOperatorCSVNotSuccessful
- FluentdQueueLengthIncreasing
patch:
FluentdQueueLengthIncreasing:
for: '12h'
ignore: []
patch: {}

operatorResources:
clusterLogging:
Expand Down Expand Up @@ -95,4 +90,3 @@ parameters:
sleep_time: 2m

openshift4_console: ${openshift4_logging:_openshift4_console:${openshift4_logging:components:lokistack:enabled}}

82 changes: 82 additions & 0 deletions component/log_forwarder.libsonnet
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,20 @@ local clusterLogForwarderSpec = {
local infraPipeline = std.get(std.get(params.clusterLogForwarder, 'pipelines', {}), 'infrastructure-logs', {}),
local auditPipeline = std.get(std.get(params.clusterLogForwarder, 'pipelines', {}), 'audit-logs', {}),

managementState: 'Managed',
collector: {
resources: {
requests: {
cpu: '20m',
memory: '400M',
},
},
tolerations: [ {
key: 'storagenode',
operator: 'Exists',
} ],
},
serviceAccount: 'logcollector',
inputs: {},
outputs: {},
pipelines: {
Expand Down Expand Up @@ -71,10 +85,78 @@ local clusterLogForwarder = kube._Object('observability.openshift.io/v1', 'Clust
spec: unfoldSpecs(clusterLogForwarderSpec),
};

// Collector ServiceAccount
// Create a ServiceAccount and ClusterRoleBindings for collector pods.
local rbac = [
kube.ServiceAccount('logcollector') {
metadata+: {
annotations+: {
'argocd.argoproj.io/sync-wave': '-50',
},
namespace: params.namespace,
},
},
kube._Object('rbac.authorization.k8s.io/v1', 'ClusterRoleBinding', 'logcollector-application-logs') {
metadata+: {
annotations+: {
'argocd.argoproj.io/sync-wave': '-50',
},
namespace: params.namespace,
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'ClusterRole',
name: 'collect-application-logs'
},
subjects: [{
kind: 'ServiceAccount',
name: 'logcollector',
namespace: params.namespace
}],
},
kube._Object('rbac.authorization.k8s.io/v1', 'ClusterRoleBinding', 'logcollector-infrastructure-logs') {
metadata+: {
annotations+: {
'argocd.argoproj.io/sync-wave': '-50',
},
namespace: params.namespace,
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'ClusterRole',
name: 'collect-infrastructure-logs'
},
subjects: [{
kind: 'ServiceAccount',
name: 'logcollector',
namespace: params.namespace
}],
},
kube._Object('rbac.authorization.k8s.io/v1', 'ClusterRoleBinding', 'logcollector-audit-logs') {
metadata+: {
annotations+: {
'argocd.argoproj.io/sync-wave': '-50',
},
namespace: params.namespace,
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'ClusterRole',
name: 'collect-audit-logs'
},
subjects: [{
kind: 'ServiceAccount',
name: 'logcollector',
namespace: params.namespace
}],
},
];

// Define outputs below
if forwarderEnabled then
{
'40_log_forwarder': clusterLogForwarder,
'40_log_forwarder_rbac': rbac,
}
else
std.trace(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ metadata:
name: cluster-logging
namespace: openshift-logging
spec:
channel: stable-6.0
channel: stable-6.1
config:
resources:
limits:
Expand All @@ -31,7 +31,7 @@ metadata:
name: loki-operator
namespace: openshift-operators-redhat
spec:
channel: stable-6.0
channel: stable-6.1
config:
resources:
limits:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,15 @@ metadata:
name: instance
namespace: openshift-logging
spec:
collector:
resources:
requests:
cpu: 20m
memory: 400M
tolerations:
- key: storagenode
operator: Exists
managementState: Managed
pipelines:
- inputRefs:
- application
Expand All @@ -19,3 +28,4 @@ spec:
name: infrastructure-logs
outputRefs:
- default
serviceAccount: logcollector
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
argocd.argoproj.io/sync-wave: '-50'
labels:
name: logcollector
name: logcollector
namespace: openshift-logging
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
argocd.argoproj.io/sync-wave: '-50'
labels:
name: logcollector-application-logs
name: logcollector-application-logs
namespace: openshift-logging
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: collect-application-logs
subjects:
- kind: ServiceAccount
name: logcollector
namespace: openshift-logging
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
argocd.argoproj.io/sync-wave: '-50'
labels:
name: logcollector-infrastructure-logs
name: logcollector-infrastructure-logs
namespace: openshift-logging
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: collect-infrastructure-logs
subjects:
- kind: ServiceAccount
name: logcollector
namespace: openshift-logging
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
argocd.argoproj.io/sync-wave: '-50'
labels:
name: logcollector-audit-logs
name: logcollector-audit-logs
namespace: openshift-logging
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: collect-audit-logs
subjects:
- kind: ServiceAccount
name: logcollector
namespace: openshift-logging
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ metadata:
name: cluster-logging
namespace: openshift-logging
spec:
channel: stable-6.0
channel: stable-6.1
config:
resources:
limits:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,21 @@ metadata:
name: instance
namespace: openshift-logging
spec:
collector:
resources:
requests:
cpu: 20m
memory: 400M
tolerations:
- key: storagenode
operator: Exists
inputs:
- application:
namespaces:
- app-one
- app-two
name: my-apps
managementState: Managed
outputs:
- name: custom-forwarder
type: syslog
Expand All @@ -40,3 +49,4 @@ spec:
outputRefs:
- custom-forwarder
parse: json
serviceAccount: logcollector
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
argocd.argoproj.io/sync-wave: '-50'
labels:
name: logcollector
name: logcollector
namespace: openshift-logging
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
argocd.argoproj.io/sync-wave: '-50'
labels:
name: logcollector-application-logs
name: logcollector-application-logs
namespace: openshift-logging
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: collect-application-logs
subjects:
- kind: ServiceAccount
name: logcollector
namespace: openshift-logging
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
argocd.argoproj.io/sync-wave: '-50'
labels:
name: logcollector-infrastructure-logs
name: logcollector-infrastructure-logs
namespace: openshift-logging
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: collect-infrastructure-logs
subjects:
- kind: ServiceAccount
name: logcollector
namespace: openshift-logging
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
argocd.argoproj.io/sync-wave: '-50'
labels:
name: logcollector-audit-logs
name: logcollector-audit-logs
namespace: openshift-logging
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: collect-audit-logs
subjects:
- kind: ServiceAccount
name: logcollector
namespace: openshift-logging
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ metadata:
name: cluster-logging
namespace: openshift-logging
spec:
channel: stable-6.0
channel: stable-6.1
config:
resources:
limits:
Expand All @@ -31,7 +31,7 @@ metadata:
name: loki-operator
namespace: openshift-operators-redhat
spec:
channel: stable-6.0
channel: stable-6.1
config:
resources:
limits:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,15 @@ metadata:
name: instance
namespace: openshift-logging
spec:
collector:
resources:
requests:
cpu: 20m
memory: 400M
tolerations:
- key: storagenode
operator: Exists
managementState: Managed
pipelines:
- detectMultilineErrors: true
inputRefs:
Expand All @@ -21,3 +30,4 @@ spec:
name: infrastructure-logs
outputRefs:
- default
serviceAccount: logcollector
Loading

0 comments on commit 70df656

Please sign in to comment.