# Exposes fluentd metrics on port 24231, /metrics.
---
# Identity the fluentd DaemonSet pods run as. It is the subject of the
# "fluentd" ClusterRoleBinding defined in this file.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: fluentd
  namespace: monitoring
---
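# Cluster-wide, read-only access to pods and namespaces for fluentd.
# ClusterRole is a cluster-scoped kind, so metadata.namespace has no meaning
# here and is omitted; a namespace on this object only suggests a scoping
# that does not exist.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fluentd
rules:
  - apiGroups:
      - ""  # the core API group
    resources:
      - pods
      - namespaces
    # Read verbs only: nothing here grants write access or access to secrets.
    # Keep it that way; this role is bound cluster-wide.
    verbs:
      - get
      - list
      - watch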
---
# Grants the "fluentd" ClusterRole to the fluentd ServiceAccount in the
# monitoring namespace. Because this is a ClusterRoleBinding (not a
# RoleBinding), the role's permissions apply in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: fluentd
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: fluentd
subjects:
  - kind: ServiceAccount
    name: fluentd
    namespace: monitoring
---
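# Runs one fluentd pod per node to ship node and container logs to Logz.io.
# NOTE(review): no securityContext is set on the pod or its containers, so
# they run with the image defaults. Consider adding
# `allowPrivilegeEscalation: false` and dropping unneeded capabilities once
# that has been tested against the fluentd image.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd-logzio
  namespace: monitoring
  labels:
    k8s-app: fluentd-logzio
    version: v1
spec:
  selector:
    matchLabels:
      k8s-app: fluentd-logzio
  template:
    metadata:
      labels:
        k8s-app: fluentd-logzio
        version: v1
      annotations:
        # Ask Prometheus to scrape the fluentd metrics port declared below.
        prometheus.io/scrape: "true"
        prometheus.io/port: "24231"
    spec:
      # Only serviceAccountName is set; the deprecated `serviceAccount` alias
      # that duplicated it has been dropped.
      serviceAccountName: fluentd
      tolerations:
        # Lets the pod schedule onto nodes carrying the master taint.
        # NOTE(review): newer clusters may taint control-plane nodes with a
        # different key; confirm this matches the target cluster.
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      # The image's entrypoint needs to write to /fluentd/etc, but a ConfigMap
      # mounted there would be read-only. This init container copies the
      # ConfigMap contents into a writable emptyDir instead.
      # See https://github.com/fluent/fluentd-kubernetes-daemonset/issues/90
      initContainers:
        - name: copy-fluentd-config
          # NOTE(review): the image has no tag or digest, so whatever
          # `busybox` resolves to at pull time runs on every node. Pin it to
          # a specific tag or, better, an image digest.
          image: busybox
          command: ['sh', '-c', 'cp /config-volume/..data/* /fluentd/etc']
          volumeMounts:
            - name: config-volume
              mountPath: /config-volume
            - name: fluentdconf
              mountPath: /fluentd/etc
      containers:
        - name: fluentd
          image: logzio/logzio-fluentd:1.5.4
          ports:
            # Prometheus metrics endpoint (/metrics).
            # NOTE(review): nothing in this manifest restricts who can reach
            # this port; confirm access is limited (e.g. by a NetworkPolicy).
            - name: metrics
              containerPort: 24231
              protocol: TCP
          env:
            # The shipping token and listener host come from a Secret, so
            # they are not stored in this manifest.
            - name: LOGZIO_LOG_SHIPPING_TOKEN
              valueFrom:
                secretKeyRef:
                  name: logzio-logs-secret
                  key: logzio-log-shipping-token
            - name: LOGZIO_LOG_LISTENER
              valueFrom:
                secretKeyRef:
                  name: logzio-logs-secret
                  key: logzio-log-listener
            - name: FLUENTD_SYSTEMD_CONF
              value: "disable"
            - name: INCLUDE_NAMESPACE
              value: ""
            # Keep TLS verification of the Kubernetes API enabled.
            - name: KUBERNETES_VERIFY_SSL
              value: "true"
            - name: AUDIT_LOG_FORMAT
              value: "audit"
            - name: CRI
              value: "docker"
          resources:
            limits:
              memory: 500Mi
            requests:
              cpu: 200m
              memory: 500Mi
          volumeMounts:
            # Host /var/log is mounted read-write (no readOnly flag).
            # NOTE(review): presumably fluentd writes state files here; if
            # not, mount it readOnly to limit what the pod can change on the
            # node.
            - name: varlog
              mountPath: /var/log
            - name: varlibdockercontainers
              mountPath: /var/lib/docker/containers
              readOnly: true
            - name: config-volume
              mountPath: /config-volume
            - name: fluentdconf
              mountPath: /fluentd/etc
      terminationGracePeriodSeconds: 30
      volumes:
        # hostPath volumes expose node filesystem paths to the pod; anyone
        # who can change this DaemonSet can read those paths on every node.
        - name: varlog
          hostPath:
            path: /var/log
        - name: varlibdockercontainers
          hostPath:
            path: /var/lib/docker/containers
        - name: config-volume
          configMap:
            name: fluentd-config-monitoring
        # Writable scratch copy of the fluentd configuration.
        - name: fluentdconf
          emptyDir: {}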