diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..26533ea1 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,29 @@ +# # # # Copyright (c) 2023, Oracle and/or its affiliates. +# # # # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. +name: Release Charts + +on: + push: + branches: + - main + +jobs: + release: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.1.0 + with: + charts_dir: charts + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.gitignore b/.gitignore index 663c67b1..3e6dd831 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,6 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + .DS_Store #### @@ -54,4 +57,9 @@ terraform.rc # Ignore util dir logan/util/* +# helm-chart +charts/oci-onm/Chart.lock +charts/oci-onm/charts/ +# zip artifacts +releases/ \ No newline at end of file diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 00000000..4b542536 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,31 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +repos: +- repo: https://github.com/pre-commit/pre-commit-hooks + rev: v2.3.0 + hooks: + - id: check-yaml + args: [--allow-multiple-documents] + exclude: '^charts/.*/templates/' + - id: end-of-file-fixer + - id: trailing-whitespace + #- id: check-json + - id: check-merge-conflict + - id: check-symlinks + #- repo: https://github.com/Lucas-C/pre-commit-hooks + # rev: v1.5.1 + # hooks: + # - id: insert-license + # exclude: '*.json|*.txt|.*.md|.*.txt|.pre-commit-config.yaml' + # args: + # - --license-filepath + # - ./docs/license-short.txt +- repo: https://github.com/norwoodj/helm-docs + rev: v1.2.0 + hooks: + - id: helm-docs + args: + - --chart-search-root=charts + # The `./` makes it relative to the chart-search-root set above + #- --template-files=./_templates.gotmpl diff --git a/CHANGELOG.md b/CHANGELOG.md index 61f6639e..cf0f8b3d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,20 @@ # Change Log -## 2022-02-07 +## 2023-06-14 +### Added +- Kubernetes Metrics Collection to OCI Monitoring using OCI Management Agent. +- Support for Kubernetes Service and EndpointSlice Object logs collection. +### Changed +- Refactoring of helm chart, terraform and stack/market place app to support the consolidation of logs, objects and metrics collection. +### Breaking Changes +- The refactoring work done in this version, may cause issues if you upgrade to this version (v3.0.0) from previous versions. Refer [here](README.md#2x-to-3x) for further details. + +## 2023-02-07 ### Added - Create a new mount (rw) using the value provided for baseDir. -- Expose "encoding" parameter of Fluentd's tail plugin as part of values.yaml, which allows users to override default encoding (ASCII-8BIT) for applicable logs/log types. +- Expose "encoding" parameter of Fluentd's tail plugin as part of values.yaml, which allows users to override default encoding (ASCII-8BIT) for applicable logs/log types. - Partial CRI logs handling. -- Oracle Resource Manager / Terraform support for deploying the solution. +- Oracle Resource Manager / Terraform support for deploying the solution. ### Changed - Modified /var/log to mount as readonly by default, except when /var/log is set as baseDir (to store Fluentd state, buffer etc.,). ### Breaking Changes @@ -13,8 +22,8 @@ ## 2022-08-30 ### Added -- Helm chart templatisation/parameterisation to provide granular level control on the chart and its values. -- Support for custom ServiceAccount. +- Helm chart templatisation/parameterisation to provide granular level control on the chart and its values. +- Support for custom ServiceAccount. ### Breaking Changes - If you have not modified any of the templates values.yaml for any customisation including custom Fluentd configuration etc., then upgrading to this version is a non breaking change. In case, if you have any modifications or customisations, then you may need to adjust those according to the new templatisation format before upgrading to this version. @@ -35,7 +44,7 @@ - Pod Annotations based customiation of configuration paremeters (oci_la_log_source_name, oci_la_log_group_id, oci_la_entity_id) for logs collected through "Kubernetes Container Generic Logs". - README update for custom configuration documentation. - Flush interval and timeout label configuration for Concat plugin section. - + ## 2022-02-24 ### Added - Oracle Linux 8 based Docker Image support. diff --git a/LICENSE b/LICENSE new file mode 100644 index 00000000..1abc8f8d --- /dev/null +++ b/LICENSE @@ -0,0 +1,27 @@ +Copyright (c) 2023 Oracle and/or its affiliates. All rights reserved. + +The Universal Permissive License (UPL), Version 1.0 + +Subject to the condition set forth below, permission is hereby granted to any person obtaining a copy of this +software, associated documentation and/or data (collectively the "Software"), free of charge and under any and +all copyright rights in the Software, and any and all patent rights owned or freely licensable by each licensor +hereunder covering either (i) the unmodified Software as contributed to or provided by such licensor, or +(ii) the Larger Works (as defined below), to deal in both + +(a) the Software, and +(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if one is included with the Software +(each a “Larger Work” to which the Software is contributed by such licensors), + +without restriction, including without limitation the rights to copy, create derivative works of, display, +perform, and distribute the Software and make, use, sell, offer for sale, import, export, have made, and have +sold the Software and the Larger Work(s), and to sublicense the foregoing rights on either these or other terms. + +This license is subject to the following condition: +The above copyright notice and either this complete permission notice or at a minimum a reference to the UPL must +be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO +THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF +CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS +IN THE SOFTWARE. diff --git a/README.md b/README.md index 013272e4..006d878f 100644 --- a/README.md +++ b/README.md @@ -1,519 +1,375 @@ -# Monitoring Solution for Kubernetes +# OCI Kubernetes Monitoring Solution -## About +OCI Kubernetes Monitoring Solution is a turn-key Kubernetes monitoring and management package based on OCI Logging Analytics cloud service, OCI Monitoring, OCI Management Agent and Fluentd. -This provides an end-to-end monitoring solution for Oracle Container Engine for Kubernetes (OKE) and other forms of Kubernetes Clusters using Logging Analytics, Monitoring and other Oracle Cloud Infrastructure (OCI) Services. +It enables DevOps, Cloud Admins, Developers, and Sysadmins to -![Kubernetes Cluster Summary Dashboard](logan/images/kubernetes-cluster-summary-dashboard.png) - -![Kubernetes Nodes Dashboard](logan/images/kubernetes-nodes-dashboard.png) - -![Kubernetes Workloads Dashboard](logan/images/kubernetes-workloads-dashboard.png) - -![Kubernetes Pods Dashboard](logan/images/kubernetes-pods-dashboard.png) - -## Logs - -This solutions offers collection of various logs of a Kubernetes cluster into OCI Logging Analytics and offer rich analytics on top of the collected logs. Users may choose to customise the log collection by modifying the out of the box configuration that it provides. - -### Kubernetes System/Service Logs - -OKE or Kubernetes comes up with some built-in services where each one has different responsibilities and they run on one or more nodes in the cluster either as Deployments or DaemonSets. - -The following service logs are configured to be collected out of the box: -- Kube Proxy -- Kube Flannel -- Kubelet -- CoreDNS -- CSI Node Driver -- DNS Autoscaler -- Cluster Autoscaler -- Proxymux Client - -### Linux System Logs - -The following Linux system logs are configured to be collected out of the box: -- Syslog -- Secure logs -- Cron logs -- Mail logs -- Audit logs -- Ksplice Uptrack logs -- Yum logs - -### Control Plane Logs - -The following are various Control Plane components in OKE/Kubernetes. -- Kube API Server -- Kube Scheduler -- Kube Controller Manager -- Cloud Controller Manager -- etcd +* Continuously monitor health and performance +* Troubleshoot issues and identify their root causes +* Optimize IT environment based on long term data +* Identify configuration, and security issues -At present, control plane logs are not covered as part of out of the box collection, as these logs are not exposed to OKE customers. -The out of the box collection for these logs will be available soon for generic Kubernetes clusters and for OKE (when OKE makes these logs accessible to end users). +across their entire environment - using Logs, Metrics, and Object metadata. -### Application Pod/Container Logs +It does extensive enrichment of logs, metrics and object information to enable cross correlation across entities from different tiers in OCI Logging Analytics. A collection of dashboards is provided to get users started quickly. -All the logs from application pods writing STDOUT/STDERR are typically available under /var/log/containers/. -Application which are having custom log handlers (say log4j or similar) may route their logs differently but in general would be available on the node (through a volume). +## Dashboards -## Kubernetes Objects - -"Kubernetes objects are persistent entities in the Kubernetes system. Kubernetes uses these entities to represent the state of your cluster. Specifically, they can describe: -- What containerized applications are running (and on which nodes) -- The resources available to those applications -- The policies around how those applications behave, such as restart policies, upgrades, and fault-tolerance" - -*Reference* : [Kubernetes Objects](https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/) - -The following are the list of objects supported at present: -- Nodes -- Namespaces -- Pods -- DaemonSets -- Deployments -- ReplicaSets -- Events - -## Installation Instructions - -### Deploy using Oracle Resource Manager - -> **_NOTE:_** If you aren't already signed in, when prompted, enter the tenancy and user credentials. Review and accept the terms and conditions. If you aren't on-boarded to OCI Logging Analytics, refer to [Pre-requisites](#pre-requisites) section to enable Logging Analytics in the region where you want to deploy the stack. The default container image available through the deployment is only for demo/non-production use-cases, we recommend you to refer [Docker Image](#docker-image) section to build your own image. +![Kubernetes Cluster Summary Dashboard](logan/images/kubernetes-cluster-summary-dashboard.png) -- Click to deploy the stack +
+ Expand for more dasshboard screenshots - [![Deploy to Oracle Cloud][orm_button]][oci_kubernetes_monitoring_stack] +![Kubernetes Nodes Dashboard](logan/images/kubernetes-nodes-dashboard.png) -- Select the region and compartment where you want to deploy the stack. +![Kubernetes Workloads Dashboard](logan/images/kubernetes-workloads-dashboard.png) -- Follow the on-screen prompts and instructions to create the stack. +![Kubernetes Pods Dashboard](logan/images/kubernetes-pods-dashboard.png) -- After creating the stack, click Terraform Actions, and select Plan. +
-- Wait for the job to be completed, and review the plan. -- To make any changes, return to the Stack Details page, click Edit Stack, and make the required changes. Then, run the Plan action again. +## Get Started :rocket: -- If no further changes are necessary, return to the Stack Details page, click Terraform Actions, and select Apply. +:stop_sign: Upgrading to a major version (like 2.x to 3.x)? See [upgrade](#upgrading-to-a-major-version) section below for details. :warning: ### Pre-requisites -- Logging Analytics Service must be enabled in the given OCI region before trying out the following Solution. Refer [Logging Analytics Quick Start](https://docs.oracle.com/en-us/iaas/logging-analytics/doc/quick-start.html) for details. -- Create a Logging Analytics LogGroup(s) if not have done already. Refer [Create Log Group](https://docs.oracle.com/en-us/iaas/logging-analytics/doc/create-logging-analytics-resources.html#GUID-D1758CFB-861F-420D-B12F-34D1CC5E3E0E). -- Enable access to the log group(s) to uploads logs from Kubernetes environment: - - For InstancePrincipal based AuthZ (recommended for OKE and Kubernetes clusters running on OCI): - - Create a dynamic group including relevant OCI Instances. Refer [this](https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm) for details about managing dynamic groups. - - Add an IAM policy like, - ``` - Allow dynamic-group to {LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS} in compartment - ``` - - For Config file based (user principal) AuthZ: - - Add an IAM policy like, - ``` - Allow group to {LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS} in compartment - ``` - -### Docker Image - -We are in the process of building a docker image based off Oracle Linux 8 including Fluentd, OCI Logging Analytics Output Plugin and all the required dependencies. -All the dependencies will be build from source and installed into the image. This image soon would be available to use as a pre-built image as is (OR) to create a custom image using this image as a base image. -At present, follow the below mentioned steps to build an image either using Dockerfile off Oracle Linux 8 as base image (OR) Dockerfile off Fluentd base image from Dockerhub (off Debian). -- Download all the files from one of the below mentioned dirs into a local machine having access to internet. - - [OL8](logan/docker-images/v1.0/oraclelinux/8/) - - [Debian](logan/docker-images/v1.0/debian/) -- Run the following command to build the docker image. - - *docker build -t fluentd_oci_la -f Dockerfile .* -- The docker image built from the above step, can either be pushed to Docker Hub or OCI Container Registry (OCIR) or to a Local Docker Registry depending on the requirements. - - [How to push the image to Docker Hub](https://docs.docker.com/docker-hub/repos/#pushing-a-docker-container-image-to-docker-hub) - - [How to push the image to OCIR](https://www.oracle.com/webfolder/technetwork/tutorials/obe/oci/registry/index.html). - - [How to push the image to Local Registry](https://docs.docker.com/registry/deploying/). - -### Deploying Kuberenetes resources using Kubectl - -#### Pre-requisites - -- A machine having kubectl installed and setup to point to your Kubernetes environment. - -#### To enable Logs collection - -Download all the yaml files from [this dir](logan/kubernetes-resources/logs-collection/). -These yaml files needs to be applied using kubectl to create the necessary resources that enables the logs collection into Logging Analytics through a Fluentd based DaemonSet. - -##### configmap-docker.yaml | configmap-cri.yaml - -- This file contains the necessary out of the box fluentd configuration to collect Kubernetes System/Service Logs, Linux System Logs and Application Pod/Container Logs. -- Some log locations may differ for Kubernetes clusters other than OKE, EKS and may need modifications accordingly. -- Use configmap-docker.yaml for Kubernetes clusters based off Docker runtime (e.g., OKE < 1.20) and configmap-cri.yaml for Kubernetes clusters based off CRI-O. -- Inline comments are available in the file for each of the source/filter/match blocks for easy reference for making any changes to the configuration. -- Refer [this](https://docs.oracle.com/en/learn/oci_logging_analytics_fluentd/) to learn about each of the Logging Analytics Fluentd Output plugin configuration parameters. -- **Note**: A generic source with time only parser is defined/configured for collecting all application pod logs from /var/log/containers/ out of the box. - It is recommended to define and use a LogSource/LogParser at Logging Analytics for a given log type and then modify the configuration accordingly. - When adding a configuration (Source, Filter section) for any new container log, also exclude the log path from generic log collection, - by adding the log path to *exclude_path* field in *in_tail_containerlogs* source block. This is to avoid the duplicate collection of logs through generic log collection. - Refer [this](#custom-configuration) section for further details. - -##### fluentd-daemonset.yaml - -- This file has all the necessary resources required to deploy and run the Fluentd docker image as Daemonset. -- Inline comments are available in the file describing each of the fields/sections. -- Make sure to replace the fields with actual values before deploying. -- At minimum, , , needs to be updated. -- It is recommended to update , too, to tag all the logs processed with corresponding Kubernetes cluster at Logging Analytics. - -##### secrets.yaml (Optional) - -- At present, InstancePrincipal and OCI Config File (UserPrincipal) based Auth/AuthZ are supported for Fluentd to talk to OCI Logging Analytics APIs. -- We recommend to use InstancePrincipal based AuthZ for OKE and all clusters which are running on OCI VMs and that is the default auth type configured. -- Applying this file is not required when using InstancePrincipal based auth type. -- When config file based Authz is used, modify this file to fill out the values under config section with appropriate values. - -##### Commands Reference - -Apply the yaml files in the sequence of configmap-docker.yaml(or configmap-cri.yaml), secrets.yaml (not required for default auth type) and fluentd-daemonset.yaml. - -``` -$ kubectl apply -f configmap-docker.yaml -configmap/oci-la-fluentd-logs-configmap created - -$ kubectl apply -f secrets.yaml -secret/oci-la-credentials-secret created - -$ kubectl apply -f fluentd-daemonset.yaml -serviceaccount/oci-la-fluentd-serviceaccount created -clusterrole.rbac.authorization.k8s.io/oci-la-fluentd-logs-clusterrole created -clusterrolebinding.rbac.authorization.k8s.io/oci-la-fluentd-logs-clusterrolebinding created -daemonset.apps/oci-la-fluentd-daemonset created -``` - -Use the following command to restart DaemonSet after applying any modifications to configmap or secrets to reflect the changes into the Fluentd. +* OCI Logging Analytics service must be onboarded with the minumum required policies, in the OCI region where you want to monitor. Refer [Logging Analytics Quick Start](https://docs.oracle.com/en-us/iaas/logging-analytics/doc/quick-start.html) for details. +* Create OCI Logging Analytics LogGroup(s) if not done already. Refer [Create Log Group](https://docs.oracle.com/en-us/iaas/logging-analytics/doc/create-logging-analytics-resources.html#GUID-D1758CFB-861F-420D-B12F-34D1CC5E3E0E) for details. +* OCI Dynamic Groups, User Group and Policies. +
+ Details + + * Create a dynamic group with the following sample rule for OCI Management Agent. Refer [Managing Dynamic Groups](https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm) for details. + ``` + ALL {resource.type='managementagent', resource.compartment.id='OCI Management Agent Compartment OCID'} + ``` + * Create a dynamic group with following sample rule for OKE Instances. + ``` + ALL {instance.compartment.id='OCI Management Agent Compartment OCID'} + ``` + - **Note**: _This dynamic group is not required for non OKE or when you choose to use Config file based AuthZ for monitoring the logs._ + * Create a user and user group using which the logs to be published to OCI Logging Analytics. Refer [Managing Users](https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingusers.htm) and [Managing User Groups](https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managinggroups.htm) for details. + - **Note**: _This is not required for OKE when you choose to use the default (Instance princiapal) AuthZ mechanism._ + * Create a policy with following statements. + * Policy Statement for providing necessary access to upload the metrics. + ``` + Allow dynamic-group to use metrics in compartment WHERE target.metrics.namespace = 'mgmtagent_kubernetes_metrics' + ``` + * Policy Statement for providing necessary access to upload the logs and objects data. + ``` + Allow dynamic-group to {LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS} in compartment + ``` + OR + ``` + Allow group to {LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS} in compartment + ``` +
-``` -kubectl rollout restart daemonset oci-la-fluentd-daemonset -n=kube-system -``` +### Installation instructions -#### To enable Kubernetes Objects collection +#### Multiple methods of installation are avialble, with following differences: -Download all the yaml files from [this dir](logan/kubernetes-resources/objects-collection/). -These yaml files needs to be applied using kubectl to create the necessary resources that enables the Kuberetes Objects collection into Logging Analytics. +| Deployment Method | Supported Environments | Collection Automation | Dashboards | Customzations | +| ----| :----:| :----:| :---: | ---| +| Helm | All* | :heavy_check_mark: | Manual| Full Control (Recommended) +| OCI Resource Manager | OKE | :heavy_check_mark:| :heavy_check_mark: | Partial Control +| Terraform | OKE | :heavy_check_mark: | :heavy_check_mark: | Partial Control +| kubectl | All* | Manual | Manual | Full Control (Not recommended) -##### configMap-objects.yaml +\* For some environments, modification of the configuration may be required. -- This file contains the necessary out of the box fluentd configuration to collect Kubernetes Objects. -- Refer [this](https://docs.oracle.com/en/learn/oci_logging_analytics_fluentd/) to learn about each of the Logging Analytics Fluentd Output plugin configuration parameters. +#### Helm -##### fluentd-deployment.yaml +##### 0 Pre-requisites -Refer [this](#fluentd-daemonsetyaml) section. +* Workstation or OCI Cloud Shell with access configured to the target k8s cluster. +* Helm ([Installation instructions](https://helm.sh/docs/intro/install/)). -##### secrets.yaml (Optional) +##### 1 Download helm chart -Refer [this](#secretsyaml-optional) section. +* [latest](https://github.com/oracle-quickstart/oci-kubernetes-monitoring/releases/latest/download/helm-chart.tgz) +* Go to [releases](https://github.com/oracle-quickstart/oci-kubernetes-monitoring/releases) for a specific version. -##### Commands Reference +##### 2 Update values.yaml -Apply the yaml files in the sequence of configmap-objects.yaml, secrets.yaml (not required for default auth type) and fluentd-deployment.yaml. +* Create override_values.yaml, to override the minimum required variables in values.yaml. + - override_values.yaml + ``` + global: + # -- OCID for OKE cluster or a unique ID for other Kubernetes clusters. + kubernetesClusterID: + # -- Provide a unique name for the cluster. This would help in uniquely identifying the logs and metrics data at OCI Logging Analytics and OCI Monitoring respectively. + kubernetesClusterName: + + oci-onm-logan: + # Go to OCI Logging Analytics Administration, click Service Details, and note the namespace value. + ociLANamespace: + # OCI Logging Analytics Log Group OCID + ociLALogGroupID: + + oci-onm-mgmt-agent: + mgmtagent: + # Provide the base64 encoded content of the Management Agent Install Key file + installKeyFileContent: + ``` +* **Refer to the oci-onm chart and sub-charts values.yaml for customising or modifying any other configuration.** It is recommended to not modify the values.yaml provided with the charts, instead use override_values.yaml to achieve the same. + +##### 3.a Install helm release +Use the following `helm install` command to the install the chart. Provide a desired release name, path to override_values.yaml and path to helm chart. ``` -$ kubectl apply -f configmap-objects.yaml -configmap/oci-la-fluentd-objects-configmap configured - -$ kubectl apply -f fluentd-deployment.yaml -serviceaccount/oci-la-fluentd-serviceaccount unchanged -clusterrole.rbac.authorization.k8s.io/oci-la-fluentd-objects-clusterrole created -clusterrolebinding.rbac.authorization.k8s.io/oci-la-fluentd-objects-clusterrolebinding created -deployment.apps/oci-la-fluentd-deployment created +helm install --values ``` +Refer [this](https://helm.sh/docs/helm/helm_install/) for further details on `helm install`. -Use the following command to restart Deployment after applying any modifications to configmap or secrets to reflect the changes into the Fluentd. +##### 3.b Upgrade helm release +Use the following `helm upgrade` command if any further changes to override_values.yaml needs to be applied or a new chart version needs to be deployed. ``` -kubectl rollout restart deployment oci-la-fluentd-deployment -n=kube-system +helm upgrade --values ``` +Refer [this](https://helm.sh/docs/helm/helm_upgrade/) for further details on `helm upgrade`. -### Deploying Kuberenetes resources using Helm - -#### Pre-requisites - -- Install helm if not done already. Refer [this](https://helm.sh/docs/intro/install/). -- Download the helm chart from [this dir](logan/helm-chart/). - -#### values.yaml +##### 3.c Import Dashboards -- This file contains all the default values possible to setup the logs and objects collection, but few values needs to be provided either through an external values.yaml file or by modifying this file. It is recommended to use external values.yaml to override any values. -- Inline documentation has the description and possible values for each of the configuration parameters. -- At minimum, the following needs to be set accordingly. image:url, ociLANamespace, ociLALogGroupID. It is recommended to set kubernetesClusterID and kubernetesClusterName too, to tag all the logs processed with corresponding Kubernetes cluster at Logging Analytics. -- Use "docker" as runtime for Kubernetes clusters based off Docker runtime (e.g., OKE < 1.20) and "cri" for Kubernetes clusters based off CRI-O. The default is "cri". -- Use "InstancePrincipal" as authtype for OKE and all clusters which are running on OCI VMs and "config" as authtype for OCI Config file based Auth/AuthZ. config under oci section needs to be updated with relevant info when authtype is chosen as "config". The default is "InstancePrincipal". +Dashboards needs to be imported manually. Below is an example for importing Dashboards using OCI CLI. -#### Commands Reference - -It is recommended to validate the values using the following `helm template` command before actually installing. Provide path to exterval values.yaml and path to helm-chart. - -``` -helm template --values -``` - -Now, the chart can be installed using the following `helm install` command. Provide a desired release name, path to exterval values.yaml and path to helm-chart. +1. Download and configure [OCI CLI](https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm) or open cloud-shell where OCI CLI is pre-installed. Alternative methods like REST API, SDK, Terraform etc can also be used. +2. Find the **OCID** of the compartment, where the dashboards need to be imported. +3. Download the dashboard JSONs from [here](logan/terraform/oke/modules/dashboards/dashboards_json/) (TBD). +4. **Replace** all the instances of the keyword - "`${compartment_ocid}`" in the JSONs with the **Compartment OCID** identified in previous step. + * Following command is for quick reference that can be used in a linux/cloud-shell envirnment : -``` -helm install --values -``` + ``` + sed -i "s/\${compartment_ocid}//g" *.json + ``` -Use the following `helm upgrade` command if any further changes to values.yaml needs to be applied or a new chart version needs to be deployed. Refer [this](https://helm.sh/docs/helm/helm_upgrade/) for further details on `helm upgrade`. +5. Run the following commands to import the dashboards. -``` -helm upgrade --values -``` + ``` + oci management-dashboard dashboard import --from-json file://cluster.json + oci management-dashboard dashboard import --from-json file://node.json + oci management-dashboard dashboard import --from-json file://workload.json + oci management-dashboard dashboard import --from-json file://pod.json + ``` -Use the following `helm uninstall` command to delete the chart. Provide the release name used when creating the chart. +##### 4 Uninstall +Use the following `helm uninstall` command to uninstall the chart. Provide the release name used when creating the chart. ``` -helm uninstall +helm upgrade --values ``` - -## Custom Configuration +Refer [this](https://helm.sh/docs/helm/helm_uninstall/) for further details on `helm uninstall`. + +#### OCI Resource Manager -### How to use custom logSource (oci_la_log_source_name) and/or other custom configuration for Pod/Container Logs collected through "Kubernetes Container Generic Logs" logSource ? +Launch OCI Resource Manager Stack in OCI Tenancy and Region of the OKE Cluster, which you want to monitor. -A generic source with time only parser is defined/configured for collecting all application pod logs from /var/log/containers/ out of the box. -This is to ensure that all the logs generated by all pods are collected and pushed to Logging Analytics. -Often you may need to configure a custom logSource for a particular pod log, either by using one of the existing OOB logSources at Logging Analytics or by defining one custom logSource matching to the requirements. -Once you have defined/identified a logSource for a particular pod log, the following are couple of ways to get those pod logs associated to the logSource. +[![Launch OCI Resource Manager Stack][orm_button]][oci_kubernetes_monitoring_stack] -#### Through Pod Annotations +
+ Instructions + + * Select the region and compartment where you want to deploy the stack. + * Follow the on-screen prompts and instructions to create the stack. + * After creating the stack, click Terraform Actions, and select Plan. + * Wait for the job to be completed, and review the plan. + * To make any changes, return to the Stack Details page, click Edit Stack, and make the required changes. Then, run the Plan action again. + * If no further changes are necessary, return to the Stack Details page, click Terraform Actions, and select Apply. + +
+ +#### Kubectl -In this approach, all that you need to do is add the following annotation, "oracle.com/oci_la_log_source_name" (with logSourceName as value) to all the pods of choice. -This approach works for all the use-cases, except for multi-line plain text formatted logs. +
+ While the recommended approach for installation is through helm, if you intend to use `kubectl` based installation, then the resource yaml files can still be generated through `helm` using the instructions provided below. -- Refer [this doc](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to find how to add the annotation through Pod's metadata section. This is the recommended approach as it provides the persistent behavior. -- Refer [this doc](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#annotate) to find how to add annotation through 'kubectl annotate' command. You may use this approach for quick testing. +##### 0 Pre-requisites -**Note** The following configuration parameters are supported for customisation through Pod Annotations in addition to logSource, - - oracle.com/oci_la_log_group_id => to use custom logGroupId (oci_la_log_group_id) - - oracle.com/oci_la_entity_id => to use custom entityId (oci_la_entity_id) +* Workstation or OCI Cloud Shell with access configured to the target k8s cluster. +* Helm ([Installation instructions](https://helm.sh/docs/intro/install/)). +* Kubectl ([Installation instructions](https://kubernetes.io/docs/tasks/tools/#kubectl)). -#### Through customLogs section +##### 1 Download helm chart -In this approach, all that you need to do is to provide the necessary configuration information like log file path, logSource, multiline start regular expression (in case of multi-line logs) in the customLogs section of values.yaml. -Using this information the corresponding Fluentd configuration is generated automatically. +Refer [here](#1-download-helm-chart). -**Note** This approach is valid only when using helm chart based installation. +##### 2 Update values.yaml -The following example demonstrates a container customLogs configuration -``` - #custom-id1: - #path: /var/log/containers/custom*.log - #ociLALogSourceName: "Custom1 Logs" - #multilineStartRegExp: - # Set isContainerLog to false if the log is not a container log (/var/log/containers/*.log). Default value is true. - #isContainerLog: true -``` - -The following example demonstrates a non container customLogs configuration -``` - #custom-id2: - #path: /var/log/custom/*.log - #ociLALogSourceName: "Custom2 Logs" - #multilineStartRegExp: - # Set isContainerLog to false if the log is not a container log (/var/log/containers/*.log). Default value is true. - #isContainerLog: false -``` - -#### Through Custom Fluentd conf - -In this approach, a new set of Source, Filter sections have to be created in the customFluentdConf section of values.yaml. -The following example demonstrates a custom fluentd config to tag /var/log/containers/frontend*.log with logSource "Guestbook Frontend Logs" -(*to be added to helm-chart values.yaml, under customFluentdConf section if using helm chart OR to either of configmap-cri.yaml / configmap-docker.yaml if using kubectl approach). +Refer [here](#2-update-valuesyaml). + +##### 3.a Generate yamls +Use the following `helm template` command to generate the resource yaml files. Provide path to override_values.yaml, path to helm chart and path to a dir where the yaml files to be generated. ``` - - @type tail - @id in_tail_frontend - path_key tailed_path - path /var/log/containers/frontend-*.log - pos_file /var/log/oci_la_fluentd_outplugin/pos/frontend.logs.pos - tag oci.oke.frontend.* - read_from_head "#{ENV['FLUENT_OCI_READ_FROM_HEAD'] || true}" - - {{- if eq $runtime "docker" }} - @type json - {{- else}} - @type cri - {{- end }} - - - - # Record transformer filter to apply Logging Analytics configuration to each record. - - @type record_transformer - enable_ruby true - - oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name": "#{ENV['FLUENT_OCI_KUBERNETES_CLUSTER_NAME'] || 'UNDEFINED'}", "Kubernetes Cluster ID": "#{ENV['FLUENT_OCI_KUBERNETES_CLUSTER_ID'] || 'UNDEFINED'}"{{"}}"}} - oci_la_log_group_id "#{ENV['FLUENT_OCI_KUBERNETES_LOGGROUP_ID'] || ENV['FLUENT_OCI_DEFAULT_LOGGROUP_ID']}" - oci_la_log_path "${record['tailed_path']}" - oci_la_log_source_name "Guestbook Frontend Logs" - {{- if eq $runtime "docker" }} - message "${record['log']}" - {{- end }} - tag ${tag} - - +helm template --values --output-dir ``` -**Note**: The log path */var/log/containers/frontend-*.log* has to be excluded from the generic container logs to avoid duplicate log collection. Add the log path to *exclude_path* value under *in_tail_containerlogs* source section. - -In addition to the above, you may need to modify the source section to add *multiline* parser, if the logs are of plain text multi-line format (OR) add a concat plugin filter if the logs are of say multi-line but wrapped in json. -Refer OOB fluentd config in the helm-chart values.yaml for examples. - +Refer [this](https://helm.sh/docs/helm/helm_template/) for further details on `helm template`. + +##### 3.b Install -### How to use your own ServiceAccount ? +Use `kubectl` tool to apply the yaml files generated in the previous step in the following order. -**Note**: This is supported only through the helm chart based deployment. +* oci-onm-common + ``` + kubectl apply -f namespace.yaml + kubectl apply -f clusterrole.yaml + kubectl apply -f clusterrolebinding.yaml + kubectl apply -f serviceAccount.yaml + ``` +* oci-onm-logan + ``` + kubectl apply -f logs-configmap.yaml + kubectl apply -f objects-configmap.yaml + kubectl apply -f fluentd-daemonset.yaml + kubectl apply -f fluentd-deployment.yaml + ``` + _For non OKE or when you choose to use Config file based AuthZ for monitoring the logs, you may need to apply oci-config-secret.yaml before applying fluentd-daemonset.yaml & fluentd-deployment.yaml. Refer [here](docs/FAQ.md#how-to-use-configfile-based-authz-user-principal-instead-of-default-authz-instance-principal-) for how to configure Config based AuthZ._ +* oci-onm-mgmt-agent + ``` + kubectl apply -f mgmt-agent-secrets.yaml + kubectl apply -f metrics-configmap.yaml + kubectl apply -f mgmt-agent-statefulset.yaml + kubectl apply -f mgmt-agent-headless-service.yaml + kubectl apply -f metric_server.yaml + ``` -By default, a cluster role, cluster role binding and serviceaccount will be created for the Fluentd pods to access (readonly) various objects within the cluster for supporting logs and objects collection. However, if you want to use your own serviceaccount, you can do the same by setting the "createServiceAccount" variable to false and providing your own serviceaccount in the "serviceAccount" variable. Ensure that the serviceaccount should be in the same namespace as the namespace used for the whole deployment. The namespace for the whole deployment can be set using the "namespace" variable, whose default value is "kube-system". +##### 3.c Import Dashboards -The serviceaccount must be binded to a cluster role defined in your cluster, which allows access to various objects metadata. The following sample is a recommended minimalistic role definition as of chart version 2.0.0. - -``` -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: oci-la-fluentd-generic-clusterrole -rules: - - apiGroups: - - "" - resources: - - '*' - verbs: - - get - - list - - watch - - apiGroups: - - apps - - batch - resources: - - '*' - verbs: - - get - - list - - watch -``` - -Once you have the cluster role defined, to bind the cluster role to your serviceaccount use the following cluster role binding definition. - -``` -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: oci-la-fluentd-generic-clusterrolebinding -roleRef: - kind: ClusterRole - name: oci-la-fluentd-generic-clusterrole - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: - namespace: -``` +Refer [here](#3c-import-dashboards). + +
-### How to set encoding for logs ? +### Upgrading to a major version -**Note**: This is supported only through the helm chart based deployment. +#### 2.x to 3.x -By default Fluentd tail plugin that is being used to collect various logs has default encoding set to ASCII-8BIT. To overrided the default encoding, use one of the following approaches. +One of the major changes introduced in 3.0.0 is refactoring of helm chart where major features of the solution got split into separate sub-charts. 2.x has only support for logs and objects collection using Fluentd and OCI Logging Analytics and this is now moved into a separate chart oci-onm-logan and included as a sub-chart to the main chart oci-onm. This is a breaking change w.r.t the values.yaml and any customisations that you might have done on top of it. There is no breaking change w.r.t functionality offered in 2.x. For full list of changes in 3.x, refer to [changelog](CHANGELOG.md). -#### Global level +You may fall into one of the below categories and may need to take actions accordingly. + +##### Have no customisations to the existing chart or values.yaml -Set value for encoding under fluentd:tailPlugin section of values.yaml, which applies to all the logs being collected from the cluster. +We recommend you to uninstall the release created using 2.x chart and follow the installation instructions mentioned [here](#helm) for installing the release using 3.x chart. -``` -fluentd: - ... - ... - tailPlugin: +###### Sample 2.x values.yaml (external or override yaml to update the mandatory variables) + + image: + url: + imagePullPolicy: Always + ociLANamespace: + ociLALogGroupID: ocid1.loganalyticsloggroup.oc1.phx.amaaaaaa...... + kubernetesClusterID: ocid1.cluster.oc1.phx.aaaaaaaaa....... + kubernetesClusterName: + +###### Sample 3.x values.yaml + + global: + # -- OCID for OKE cluster or a unique ID for other Kubernetes clusters. + kubernetesClusterID: ocid1.cluster.oc1.phx.aaaaaaaaa....... + # -- Provide a unique name for the cluster. This would help in uniquely identifying the logs and metrics data at OCI Logging Analytics and OCI Monitoring respectively. + kubernetesClusterName: + + oci-onm-logan: + # Go to OCI Logging Analytics Administration, click Service Details, and note the namespace value. + ociLANamespace: + # OCI Logging Analytics Log Group OCID + ociLALogGroupID: ocid1.loganalyticsloggroup.oc1.phx.amaaaaaa...... + +##### Have customisations to the existing chart or values.yaml + +If you have modified values.yaml provided in helm chart directly, we recommend you to identify all the changes and move them to override_values.yaml and follow the instructions provided in install or upgrade sections under [this](#helm). We recommend you to use override_values.yaml for updating values for any variables or to incorporate any customisations on top of existing values.yaml. + +If you are already using a separate values.yaml for your customisations, you still need to compare 2.x vs 3.x variable heirarchy and make the necessary changes accordingly. + +
+ Examples + +##### Example 1: Using docker runtime instead of default runtime (cri) + + **2.x** + + runtime: docker + image: + url: + imagePullPolicy: Always + ociLANamespace: + ociLALogGroupID: ocid1.loganalyticsloggroup.oc1.phx.amaaaaaa...... + kubernetesClusterID: ocid1.cluster.oc1.phx.aaaaaaaaa....... + kubernetesClusterName: + + **3.x** + + global: + # -- OCID for OKE cluster or a unique ID for other Kubernetes clusters. + kubernetesClusterID: ocid1.cluster.oc1.phx.aaaaaaaaa....... + # -- Provide a unique name for the cluster. This would help in uniquely identifying the logs and metrics data at OCI Logging Analytics and OCI Monitoring respectively. + kubernetesClusterName: + + oci-onm-logan: + runtime: docker + # Go to OCI Logging Analytics Administration, click Service Details, and note the namespace value. + ociLANamespace: + # OCI Logging Analytics Log Group OCID + ociLALogGroupID: ocid1.loganalyticsloggroup.oc1.phx.amaaaaaa...... + + ##### Example 2: Customisation of a specific log + + **2.x** + ... ... - encoding: -``` - -#### Specific log type level - -The encoding can be set at invidivual log types like kubernetesSystem, linuxSystem, genericContainerLogs, which applies to all the logs under the specific log type. - -``` -fluentd: - ... - ... - kubernetesSystem: + custom-log1: + path: /var/log/containers/custom-1.log + ociLALogSourceName: "Custom1 Logs" + #multilineStartRegExp: + isContainerLog: true ... ... - encoding: -``` -``` -fluentd: - ... - ... - genericContainerLogs: + **3.x** + ... ... - encoding: -``` + oci-onm-logan: + ... + ... + custom-log1: + path: /var/log/containers/custom-1.log + ociLALogSourceName: "Custom1 Logs" + #multilineStartRegExp: + isContainerLog: true + ... + ... + ... + ... + + *The difference is all about moving the required configuration (variable definitions) under oci-onm-logan section appropriately.* + +
+ +## Getting Help -#### Specific log level +#### [Ask a question](https://github.com/oracle-quickstart/oci-kubernetes-monitoring/discussions/new?category=q-a) -The encoding can be set at individual log level too, which takes precedence over all others. +## Resources -``` -fluentd: - ... - ... - kubernetesSystem: - ... - ... - logs: - kube-proxy: - encoding: -``` +#### :question: [Frequently Asked Questions](./docs/FAQ.md) -``` -fluentd: - ... - ... - customLogs: - custom-log1: - ... - ... - encoding: - ... - ... -``` +#### [Custom Logs Configuration](./docs/custom-logs.md) -## Importing Logging Analytics Kubernetes Dashboards +#### [Building Custom Container Images](./docs/custom-images.md) -The Dashboards are imported as part of deploying the Kubernetes solution using [Oracle Resource Manager stack](#deploy-using-oracle-resource-manager). The following steps can be used to import the Dashboards manually to your tenancy. +## License -1. Download and configure [OCI CLI](https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm) or open cloud-shell where OCI CLI is pre-installed. Alternative methods like REST API, SDK, Terraform etc can also be used. -1. Find the **OCID** of compartment, where the dashboards need to be imported. -1. Download the dashboard JSONs from [here](logan/terraform/oke/modules/dashboards/dashboards_json/). -1. **Replace** all the instances of the keyword - "`${compartment_ocid}`" in the JSONs with the **Compartment OCID** identified in STEP 2. - - Following are the set of commands for quick reference that can be used in a linux/cloud-shell envirnment : +Copyright (c) 2023, Oracle and/or its affiliates. +Licensed under the Universal Permissive License v1.0 as shown at . - ``` - sed -i "s/\${compartment_ocid}//g" file://cluster.json - sed -i "s/\${compartment_ocid}//g" file://node.json - sed -i "s/\${compartment_ocid}//g" file://workload.json - sed -i "s/\${compartment_ocid}//g" file://pod.json - ``` -1. Run the following commands to import the dashboards. +## [Contributors][def] - ``` - oci management-dashboard dashboard import --from-json file://cluster.json - oci management-dashboard dashboard import --from-json file://node.json - oci management-dashboard dashboard import --from-json file://workload.json - oci management-dashboard dashboard import --from-json file://pod.json - ``` +[def]: https://github.com/oracle-quickstart/oci-kubernetes-monitoring/graphs/contributors [orm_button]: https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg diff --git a/charts/common/Chart.yaml b/charts/common/Chart.yaml new file mode 100644 index 00000000..f969495b --- /dev/null +++ b/charts/common/Chart.yaml @@ -0,0 +1,9 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +apiVersion: v2 +name: oci-onm-common +description: Common resources for OCI Kubernetes Monitoring solution helm charts +type: application +version: 3.0.0 +appVersion: "3.0.0" diff --git a/charts/common/README.md b/charts/common/README.md new file mode 100644 index 00000000..310eaa02 --- /dev/null +++ b/charts/common/README.md @@ -0,0 +1,17 @@ +# oci-onm-common + +![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.0](https://img.shields.io/badge/AppVersion-3.0.0-informational?style=flat-square) + +Common resources for OCI Kubernetes Monitoring solution helm charts + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| createNamespace | bool | `true` | Automatically create namespace for all resources (namespaced) used by OCI Kubernetes Monitoring Solution. | +| createServiceAccount | bool | `true` | Automatically create, a readonly cluster role, cluster role binding and serviceaccount is required # to read various cluster objects for monitoring. If set to false serviceaccount value must be provided in the parent chart. Refer, README for the cluster role definition and other details. | +| namespace | string | `"oci-onm"` | Kubernetes Namespace for creating serviceaccount. Default: oci-onm | +| resourceNamePrefix | string | `"oci-onm"` | Resoure Name Prefix: Wherever allowed, this prefix will be used with all resources used by this chart | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/common/templates/_helpers.tpl b/charts/common/templates/_helpers.tpl new file mode 100644 index 00000000..ef8035e6 --- /dev/null +++ b/charts/common/templates/_helpers.tpl @@ -0,0 +1,49 @@ + +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +# tpl render function +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} + +# Prefix for all resources created using this chart. +{{- define "common.resourceNamePrefix" -}} + {{- if .Values.resourceNamePrefix -}} + {{ include "common.tplvalues.render" ( dict "value" .Values.resourceNamePrefix "context" .) | trunc 63 | trimSuffix "-" }} + {{- else -}} + {{- "oci-onm" -}} + {{- end -}} +{{- end -}} + +#createNamespace +{{- define "common.createNamespace" -}} + {{ include "common.tplvalues.render" ( dict "value" .Values.createNamespace "context" .) }} +{{- end -}} + +# namespace +{{- define "common.namespace" -}} + {{- if .Values.namespace -}} + {{ include "common.tplvalues.render" ( dict "value" .Values.namespace "context" .) }} + {{- else -}} + {{- "oci-onm" -}} + {{- end -}} +{{- end -}} + +#createServiceAccount +{{- define "common.createServiceAccount" -}} + {{ include "common.tplvalues.render" ( dict "value" .Values.createServiceAccount "context" .) }} +{{- end -}} + +#serviceAccount +{{- define "common.serviceAccount" -}} + {{- if .Values.serviceAccount -}} + {{ include "common.tplvalues.render" ( dict "value" .Values.serviceAccount "context" .) }} + {{- else -}} + {{ include "common.resourceNamePrefix" . }} + {{- end -}} +{{- end -}} diff --git a/charts/common/templates/clusterrole.yaml b/charts/common/templates/clusterrole.yaml new file mode 100644 index 00000000..7489230e --- /dev/null +++ b/charts/common/templates/clusterrole.yaml @@ -0,0 +1,32 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +{{- if eq (include "common.createServiceAccount" .) "true" }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "common.resourceNamePrefix" . }} +rules: + - apiGroups: + - "" + resources: + - '*' + verbs: + - get + - list + - watch + - nonResourceURLs: ["/metrics"] + verbs: ["get"] + - apiGroups: + - apps + - batch + - discovery.k8s.io + - metrics.k8s.io + resources: + - '*' + verbs: + - get + - list + - watch +{{- end }} diff --git a/charts/common/templates/clusterrolebinding.yaml b/charts/common/templates/clusterrolebinding.yaml new file mode 100644 index 00000000..f720358f --- /dev/null +++ b/charts/common/templates/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +{{- if eq (include "common.createServiceAccount" .) "true" }} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "common.resourceNamePrefix" . }} +roleRef: + kind: ClusterRole + name: {{ include "common.resourceNamePrefix" . }} + apiGroup: rbac.authorization.k8s.io +subjects: +- kind: ServiceAccount + name: {{ include "common.resourceNamePrefix" . }} + namespace: {{ include "common.namespace" . }} +{{- end }} diff --git a/charts/common/templates/namespace.yaml b/charts/common/templates/namespace.yaml new file mode 100644 index 00000000..f3e0f150 --- /dev/null +++ b/charts/common/templates/namespace.yaml @@ -0,0 +1,10 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +{{- if eq (include "common.createNamespace" .) "true" }} +--- +apiVersion: v1 +kind: Namespace +metadata: + name: {{ include "common.namespace" . }} +{{- end }} diff --git a/charts/common/templates/serviceAccount.yaml b/charts/common/templates/serviceAccount.yaml new file mode 100644 index 00000000..5ca351e1 --- /dev/null +++ b/charts/common/templates/serviceAccount.yaml @@ -0,0 +1,11 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +{{- if eq (include "common.createServiceAccount" .) "true" }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "common.serviceAccount" . }} + namespace: {{ include "common.namespace" . }} +{{- end }} diff --git a/charts/common/values.yaml b/charts/common/values.yaml new file mode 100644 index 00000000..5ab34a6d --- /dev/null +++ b/charts/common/values.yaml @@ -0,0 +1,17 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +# -- Automatically create, a readonly cluster role, cluster role binding and +# serviceaccount is required # to read various cluster objects for monitoring. +# If set to false serviceaccount value must be provided in the parent chart. +# Refer, README for the cluster role definition and other details. +createServiceAccount: true + +# -- Automatically create namespace for all resources (namespaced) used by OCI Kubernetes Monitoring Solution. +createNamespace: true + +# -- Kubernetes Namespace for creating serviceaccount. Default: oci-onm +namespace: oci-onm + +# -- Resoure Name Prefix: Wherever allowed, this prefix will be used with all resources used by this chart +resourceNamePrefix: oci-onm diff --git a/charts/logan/Chart.yaml b/charts/logan/Chart.yaml new file mode 100644 index 00000000..0cb5e02a --- /dev/null +++ b/charts/logan/Chart.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +apiVersion: v2 +name: oci-onm-logan +description: Charts for sending Kubernetes platform logs, compute logs, and Kubernetes Objects information to OCI Logging Analytics. +type: application +version: 3.0.0 +appVersion: "3.0.0" + +dependencies: +- name: oci-onm-common + version: "3.0.0" + repository: "file://../common" + condition: oci-onm-common.enabled diff --git a/charts/logan/README.md b/charts/logan/README.md new file mode 100644 index 00000000..6e1d6f3b --- /dev/null +++ b/charts/logan/README.md @@ -0,0 +1,89 @@ +# oci-onm-logan + +![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.0](https://img.shields.io/badge/AppVersion-3.0.0-informational?style=flat-square) + +Charts for sending Kubernetes platform logs, compute logs, and Kubernetes Objects information to OCI Logging Analytics. + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| file://../common | oci-onm-common | 3.0.0 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| authtype | string | `"InstancePrincipal"` | Allowed values: InstancePrincipal, config | +| extraEnv | list | `[]` | Logging Analytics OCID for OKE Cluster ociLAEntityID: Logging Analytics additional metadata. Use this to tag all the collected logs with one or more key:value pairs. Key must be a valid field in Logging Analytics metadata: "Client Host Region": "PCT" "Environment": "Production" "Third key": "Third Value" @param extra environment variables. Example name: ENV_VARIABLE_NAME value: ENV_VARIABLE_VALUE | +| extraVolumeMounts | list | `[]` | @param extraVolumeMounts Mount extra volume(s). Example: - name: tmpDir mountPath: /tmp | +| extraVolumes | list | `[]` | @param extraVolumes Extra volumes. Example: - name: tmpDir hostPath: path: /tmp log | +| fluentd.baseDir | string | `"/var/log"` | Base directory on the node (with read write permission) for storing fluentd plugins related data. | +| fluentd.customFluentdConf | string | `""` | | +| fluentd.customLogs | string | `nil` | Configuration for any custom logs which are not part of the default configuration defined in this file. All the pod/container logs will be collected as per "genericContainerLogs" section. Use this section to create a custom configuration for any of the container logs. Also, you can use this section to define configuration for any other log path existing on a Kubernetes worker node custom-id1: path: /var/log/containers/custom*.log Logging Analytics log source to use for parsing and processing the logs: ociLALogSourceName: "Custom1 Logs" The regular expression pattern for the starting line in case of multi-line logs. multilineStartRegExp: Set isContainerLog to false if the log is not a container log (/var/log/containers/*.log). Default value is true. isContainerLog: true | +| fluentd.file | string | `"fluent.conf"` | Fluentd config file name | +| fluentd.genericContainerLogs.exclude_path | list | `["\"/var/log/containers/kube-proxy-*.log\"","\"/var/log/containers/kube-flannel-*.log\"","\"/var/log/containers/kube-dns-autoscaler-*.log\"","\"/var/log/containers/coredns-*.log\"","\"/var/log/containers/csi-oci-node-*.log\"","\"/var/log/containers/proxymux-client-*.log\"","\"/var/log/containers/cluster-autoscaler-*.log\""]` | List of log paths to exclude that are already part of other specific configurations defined (like Kube Proxy, Kube Flannel) If you want to create a custom configuration for any of the container logs using the customLogs section, then exclude the corresponding log path here. | +| fluentd.genericContainerLogs.ociLALogSourceName | string | `"Kubernetes Container Generic Logs"` | Default Logging Analytics log source to use for parsing and processing the logs: Kubernetes Container Generic Logs. | +| fluentd.genericContainerLogs.path | string | `"/var/log/containers/*.log"` | | +| fluentd.kubernetesMetadataFilter.ca_file | string | `nil` | Path to CA file for Kubernetes server certificate validation | +| fluentd.kubernetesMetadataFilter.kubernetes_url | string | `nil` | Kubernetes API server URL. Alternatively, environment variables KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT can be used Environment variable are given preference. | +| fluentd.kubernetesMetadataFilter.skip_container_metadata | bool | `false` | Skip the container fields container_image and container_image_id in the metadata. | +| fluentd.kubernetesMetadataFilter.skip_labels | bool | `false` | Skip all label fields from the metadata. | +| fluentd.kubernetesMetadataFilter.skip_master_url | bool | `false` | Skip the master_url field from the metadata. | +| fluentd.kubernetesMetadataFilter.skip_namespace_metadata | bool | `false` | Skip the namespace_id field from the metadata. The fetch_namespace_metadata function will be skipped. The plugin will be faster and cpu consumption will be less. | +| fluentd.kubernetesMetadataFilter.verify_ssl | bool | `true` | Validate SSL certificates | +| fluentd.kubernetesMetadataFilter.watch | bool | `true` | Set up a watch on the pods on the API server for updates to metadata. By default, true. | +| fluentd.kubernetesObjects | object | `{"objectsList":{"cron_jobs":{"api_endpoint":"apis/batch"},"daemon_sets":{"api_endpoint":"apis/apps"},"deployments":{"api_endpoint":"apis/apps"},"events":{"api_endpoint":""},"jobs":{"api_endpoint":"apis/batch"},"namespaces":{"api_endpoint":""},"nodes":{"api_endpoint":""},"pods":{"api_endpoint":""},"replica_sets":{"api_endpoint":"apis/apps"},"stateful_sets":{"api_endpoint":"apis/apps"}}}` | Configuration for collecting Kubernetes Object information. Supported objects are Node, Pod, Namespace, Event, DaemonSet, ReplicaSet, Deployment, StatefulSet, Job, CronJob | +| fluentd.kubernetesSystem.logs.cluster-autoscaler | object | `{"multilineStartRegExp":"/^\\S\\d{2}\\d{2}\\s+[^\\:]+:[^\\:]+:[^\\.]+\\.\\d{0,3}/","ociLALogSourceName":"Kubernetes Autoscaler Logs","path":"/var/log/containers/cluster-autoscaler-*.log"}` | Kubernetes Autoscaler Logs collection configuration | +| fluentd.kubernetesSystem.logs.coredns | object | `{"multilineStartRegExp":"/^\\[[^\\]]+\\]\\s+/","ociLALogSourceName":"Kubernetes Core DNS Logs","path":"/var/log/containers/coredns-*.log"}` | Kubernetes Core DNS Logs collection configuration | +| fluentd.kubernetesSystem.logs.csinode | object | `{"ociLALogSourceName":"Kubernetes CSI Node Driver Logs","path":"/var/log/containers/csi-oci-node-*.log"}` | Kubernetes CSI Node Driver Logs collection configuration | +| fluentd.kubernetesSystem.logs.kube-dns-autoscaler | object | `{"multilineStartRegExp":"/^\\S\\d{2}\\d{2}\\s+[^\\:]+:[^\\:]+:[^\\.]+\\.\\d{0,3}/","ociLALogSourceName":"Kubernetes DNS Autoscaler Logs","path":"/var/log/containers/kube-dns-autoscaler-*.log"}` | Kubernetes DNS Autoscaler Logs collection configuration | +| fluentd.kubernetesSystem.logs.kube-flannel | object | `{"multilineStartRegExp":"/^\\S\\d{2}\\d{2}\\s+[^\\:]+:[^\\:]+:[^\\.]+\\.\\d{0,3}/","ociLALogSourceName":"Kubernetes Flannel Logs","path":"/var/log/containers/kube-flannel-*.log"}` | Kube Flannel logs collection configuration | +| fluentd.kubernetesSystem.logs.kube-proxy | object | `{"multilineStartRegExp":"/^\\S\\d{2}\\d{2}\\s+[^\\:]+:[^\\:]+:[^\\.]+\\.\\d{0,3}/","ociLALogSourceName":"Kubernetes Proxy Logs","path":"/var/log/containers/kube-proxy-*.log"}` | Kube Proxy logs collection configuration | +| fluentd.kubernetesSystem.logs.proxymux | object | `{"ociLALogSourceName":"OKE Proxymux Client Logs","path":"/var/log/containers/proxymux-client-*.log"}` | Proxymux Client Logs collection configuration | +| fluentd.linuxSystem.logs.cronlog | object | `{"multilineStartRegExp":"/^(?:(?:\\d+\\s+)?<([^>]*)>(?:\\d+\\s+)?)?\\S+\\s+\\d{1,2}\\s+\\d{1,2}:\\d{1,2}:\\d{1,2}\\s+/","ociLALogSourceName":"Linux Cron Logs","path":"/var/log/cron*"}` | Linux CRON logs collection configuration | +| fluentd.linuxSystem.logs.kubeletlog | object | `{"ociLALogSourceName":"Kubernetes Kubelet Logs"}` | kubelet logs collection configuration | +| fluentd.linuxSystem.logs.linuxauditlog | object | `{"ociLALogSourceName":"Linux Audit Logs","path":"/var/log/audit/audit*"}` | Linux audit logs collection configuration | +| fluentd.linuxSystem.logs.maillog | object | `{"multilineStartRegExp":"/^(?:(?:\\d+\\s+)?<([^>]*)>(?:\\d+\\s+)?)?\\S+\\s+\\d{1,2}\\s+\\d{1,2}:\\d{1,2}:\\d{1,2}\\s+/","ociLALogSourceName":"Linux Mail Delivery Logs","path":"/var/log/maillog*"}` | Linux maillog collection configuration | +| fluentd.linuxSystem.logs.securelog | object | `{"multilineStartRegExp":"/^(?:(?:\\d+\\s+)?<([^>]*)>(?:\\d+\\s+)?)?\\S+\\s+\\d{1,2}\\s+\\d{1,2}:\\d{1,2}:\\d{1,2}\\s+/","ociLALogSourceName":"Linux Secure Logs","path":"/var/log/secure*"}` | Linux CRON logs collection configuration | +| fluentd.linuxSystem.logs.syslog | object | `{"multilineStartRegExp":"/^(?:(?:\\d+\\s+)?<([^>]*)>(?:\\d+\\s+)?)?\\S+\\s+\\d{1,2}\\s+\\d{1,2}:\\d{1,2}:\\d{1,2}\\s+/","ociLALogSourceName":"Linux Syslog Logs","path":"/var/log/messages*"}` | Linux syslog collection configuration | +| fluentd.linuxSystem.logs.uptracklog | object | `{"multilineStartRegExp":"/^\\d{4}-\\d{2}-\\d{2}\\s+\\d{2}:\\d{2}:\\d{2}/","ociLALogSourceName":"Ksplice Logs","path":"/var/log/uptrack*"}` | Linux uptrack logs collection configuration | +| fluentd.linuxSystem.logs.yum | object | `{"ociLALogSourceName":"Linux YUM Logs","path":"/var/log/yum.log*"}` | Linux yum logs collection configuration | +| fluentd.ociLoggingAnalyticsOutputPlugin.buffer | object | `{"disable_chunk_backup":true,"flush_interval":30,"flush_thread_burst_interval":0.05,"flush_thread_count":1,"flush_thread_interval":0.5,"retry_exponential_backoff_base":2,"retry_forever":true,"retry_max_times":17,"retry_wait":2,"total_limit_size":"5368709120"}` | Fluentd Buffer Configuration | +| fluentd.ociLoggingAnalyticsOutputPlugin.plugin_log_file_count | int | `10` | The number of archived or rotated log files to keep, must be non-zero. | +| fluentd.ociLoggingAnalyticsOutputPlugin.plugin_log_file_size | string | `"10MB"` | The maximum log file size at which point the log file to be rotated, for example, 1KB, 1MB, etc. | +| fluentd.ociLoggingAnalyticsOutputPlugin.plugin_log_level | string | `"info"` | Output plugin logging level: DEBUG < INFO < WARN < ERROR < FATAL < UNKNOWN | +| fluentd.ociLoggingAnalyticsOutputPlugin.profile_name | string | `"DEFAULT"` | OCI API Key profile to use, if multiple profiles are found in the OCI API config file. | +| fluentd.path | string | `"/var/opt/conf"` | Path to the fluentd config file | +| fluentd.tailPlugin | object | `{"flushInterval":60,"readFromHead":true}` | Config for Logs Collection using fluentd tail plugin | +| global.namespace | string | `"oci-onm"` | Kubernetes Namespace for creating monitoring resources. Ignored if oci-kubernetes-monitoring-common.createNamespace set to false. | +| global.resourceNamePrefix | string | `"oci-onm"` | Resource names prefix used, where allowed. | +| image.imagePullPolicy | string | `"Always"` | Image pull policy | +| image.imagePullSecrets | string | `nil` | | +| image.url | string | `"container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.0"` | Replace this value with actual docker image url | +| kubernetesClusterID | string | `nil` | OKE Cluster OCID e.g. ocid1.cluster.oc1.phx.aaaaaaaahhbadf3rxa62faaeixanvr7vftmkg6hupycbf4qszctf2wbmqqxq | +| kubernetesClusterName | string | `nil` | Kubernetes Cluster name. Need not be the OKE Cluster display name. e.g. production-cluster | +| namespace | string | `"{{ .Values.global.namespace }}"` | Kubernetes Namespace for deploying monitoring resources deployed by this chart. | +| objectsPollingFrequency | string | `"5m"` | Collection frequency (in minutes) for Kubernetes Objects | +| oci-onm-common.createNamespace | bool | `true` | Automatically create namespace for all resources (namespaced) used by OCI Kubernetes Monitoring Solution. | +| oci-onm-common.createServiceAccount | bool | `true` | Automatically create, a readonly cluster role, cluster role binding and serviceaccount is required # to read various cluster objects for monitoring. If set to false serviceaccount value must be provided in the parent chart. Refer, README for the cluster role definition and other details. | +| oci-onm-common.namespace | string | `"{{ .Values.global.namespace }}"` | Kubernetes Namespace for creating serviceaccount. Default: oci-onm | +| oci-onm-common.resourceNamePrefix | string | `"{{ .Values.global.resourceNamePrefix }}"` | Resoure Name Prefix: Wherever allowed, this prefix will be used with all resources used by this chart | +| oci-onm-common.serviceAccount | string | `"{{ .Values.global.resourceNamePrefix }}"` | Kubernetes ServiceAccount name | +| oci.configFiles."private.pem" | string | `""` | Private key file data -----BEGIN RSA PRIVATE KEY----- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -----END RSA PRIVATE KEY----- | +| oci.configFiles.config | string | `"# Replace each of the below fields with actual values.\n[DEFAULT]\nuser=\nfingerprint=\nkey_file=\ntenancy=\nregion="` | config file [data](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm) Replace each of the below fields with actual values. [DEFAULT] user= fingerprint= key_file= tenancy= region= | +| oci.file | string | `"config"` | Config file name | +| oci.path | string | `"/var/opt/.oci"` | Path to the OCI API config file | +| ociLALogGroupID | string | `nil` | OCID of Logging Analytics Log Group to send logs to. Can be overridden for individual log types. e.g. ocid1.loganalyticsloggroup.oc1.phx.amaaaaasdfaskriauucc55rlwlxe4ahe2vfmtuoqa6qsgu7mb6jugxacsk6a | +| ociLANamespace | string | `nil` | | +| resourceNamePrefix | string | `"{{ .Values.global.resourceNamePrefix }}"` | Resoure Name Prefix: Wherever allowed, this prefix will be used with all resources used by this chart | +| resources.limits | object | `{"memory":"500Mi"}` | Limits | +| resources.requests | object | `{"cpu":"100m","memory":"250Mi"}` | Resource requests | +| runtime | string | `"cri"` | Container runtime for Kubernetes Cluster. Requires fluentd configuration changes accordingly Allowed values: docker, cri(for OKE 1.20 and above) | +| serviceAccount | string | `"{{ .Values.global.resourceNamePrefix }}"` | Kubernetes ServiceAccount | +| volumes | object | `{"containerdataHostPath":"/u01/data/docker/containers","podsHostPath":"/var/log/pods"}` | Log logvolumes for pod logs and container logs | +| volumes.containerdataHostPath | string | `"/u01/data/docker/containers"` | Path to the container data logs on Kubernetes Nodes | +| volumes.podsHostPath | string | `"/var/log/pods"` | Path to the pod logs on Kubernetes Nodes | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/logan/templates/_helpers.tpl b/charts/logan/templates/_helpers.tpl new file mode 100644 index 00000000..974684b5 --- /dev/null +++ b/charts/logan/templates/_helpers.tpl @@ -0,0 +1,53 @@ + +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +# tpl render function +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} + +# Prefix for all resources created using this chart. +{{- define "logan.resourceNamePrefix" -}} + {{- if .Values.resourceNamePrefix -}} + {{ include "common.tplvalues.render" ( dict "value" .Values.resourceNamePrefix "context" .) | trunc 63 | trimSuffix "-" }} + {{- else -}} + {{- "oci-onm" -}} + {{- end -}} +{{- end -}} + +# namespace +{{- define "logan.namespace" -}} + {{- if .Values.namespace -}} + {{ include "common.tplvalues.render" ( dict "value" .Values.namespace "context" .) }} + {{- else -}} + {{- "oci-onm" -}} + {{- end -}} +{{- end -}} + +#serviceAccount +{{- define "logan.serviceAccount" -}} + {{ include "common.tplvalues.render" ( dict "value" .Values.serviceAccount "context" .) }} +{{- end -}} + +#kubernetesClusterId +{{- define "logan.kubernetesClusterId" -}} + {{- if .Values.kubernetesClusterID -}} + {{ include "common.tplvalues.render" ( dict "value" .Values.kubernetesClusterID "context" .) }} + {{- else -}} + {{- "UNDEFINED" -}} + {{- end -}} +{{- end -}} + +#kubernetesClusterName +{{- define "logan.kubernetesClusterName" -}} + {{- if .Values.kubernetesClusterName -}} + {{ include "common.tplvalues.render" ( dict "value" .Values.kubernetesClusterName "context" .) }} + {{- else -}} + {{- "UNDEFINED" -}} + {{- end -}} +{{- end -}} diff --git a/logan/helm-chart/templates/fluentd-daemonset.yaml b/charts/logan/templates/fluentd-daemonset.yaml similarity index 79% rename from logan/helm-chart/templates/fluentd-daemonset.yaml rename to charts/logan/templates/fluentd-daemonset.yaml index d20c6807..276f2d04 100644 --- a/logan/helm-chart/templates/fluentd-daemonset.yaml +++ b/charts/logan/templates/fluentd-daemonset.yaml @@ -1,44 +1,44 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + --- {{- $authtype := .Values.authtype | lower }} {{- $imagePullSecrets := .Values.image.imagePullSecrets }} +{{- $resourceNamePrefix := (include "logan.resourceNamePrefix" .) }} apiVersion: apps/v1 kind: DaemonSet metadata: - name: {{ include "oci-la-fluentd.name" . }}-daemonset - namespace: {{ default "kube-system" .Values.namespace }} + name: {{ $resourceNamePrefix }}-logan + namespace: {{ include "logan.namespace" . }} labels: - app: {{ include "oci-la-fluentd.name" . }}-logs + app: {{ $resourceNamePrefix }}-logan version: v1 spec: selector: matchLabels: - app: {{ include "oci-la-fluentd.name" . }}-logs + app: {{ $resourceNamePrefix }}-logan version: v1 template: metadata: annotations: {{- if eq $authtype "config" }} - checksum/secrets: {{ include (print $.Template.BasePath "/oci-config-secrets.yaml") . | sha256sum }} + checksum/secrets: {{ include (print $.Template.BasePath "/oci-config-secret.yaml") . | sha256sum }} {{- end}} - checksum/configmap: {{ include (print $.Template.BasePath "/configmap-logs.yaml") . | sha256sum }} + checksum/configmap: {{ include (print $.Template.BasePath "/logs-configmap.yaml") . | sha256sum }} labels: - app: {{ include "oci-la-fluentd.name" . }}-logs + app: {{ $resourceNamePrefix }}-logan version: v1 spec: - {{- if .Values.createServiceAccount }} - serviceAccountName: {{ include "oci-la-fluentd.name" . }}-serviceaccount - {{- else }} - serviceAccountName: "{{ .Values.serviceAccount | required (printf "serviceAccount is required when createServiceAccount is false") }}" - {{- end }} + serviceAccountName: {{ include "logan.serviceAccount" . }} tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule - {{- if $imagePullSecrets }} - imagePullSecrets: + {{- if $imagePullSecrets }} + imagePullSecrets: - name: {{ .Values.image.imagePullSecrets }} {{- end}} containers: - - name: {{ include "oci-la-fluentd.name" . }}-logs + - name: {{ $resourceNamePrefix }}-fluentd image: {{ .Values.image.url }} imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }} env: @@ -53,13 +53,13 @@ spec: - name: FLUENT_OCI_NAMESPACE value: {{ .Values.ociLANamespace }} - name: FLUENT_OCI_KUBERNETES_CLUSTER_ID - value: {{ .Values.kubernetesClusterID }} + value: {{ include "logan.kubernetesClusterId" . }} - name: FLUENT_OCI_KUBERNETES_CLUSTER_NAME - value: {{ .Values.kubernetesClusterName }} + value: {{ include "logan.kubernetesClusterName" . }} {{- if eq $authtype "config" }} - name: FLUENT_OCI_CONFIG_LOCATION value: {{ .Values.oci.path }}/{{ .Values.oci.file }} - {{- end }} + {{- end }} {{- if .Values.extraEnv }} {{- toYaml .Values.extraEnv | nindent 10 }} {{- end }} @@ -117,17 +117,17 @@ spec: - name: basedir hostPath: path: {{ .Values.fluentd.baseDir }} - {{- end }} + {{- end }} {{- if eq $authtype "config" }} # Mount directory where oci config exists - name: ociconfigdir projected: sources: - secret: - name: {{ include "oci-la-fluentd.name" . }}-credentials-secret + name: {{ $resourceNamePrefix }}-oci-config {{- end }} # Mount directory where fluentd config exists - name: fluentdconfigdir configMap: # Provide the name of the ConfigMap to mount. - name: {{ include "oci-la-fluentd.name" . }}-logs-configmap + name: {{ $resourceNamePrefix }}-logs diff --git a/logan/helm-chart/templates/fluentd-deployment.yaml b/charts/logan/templates/fluentd-deployment.yaml similarity index 73% rename from logan/helm-chart/templates/fluentd-deployment.yaml rename to charts/logan/templates/fluentd-deployment.yaml index ebbf4f5b..d9d5c38d 100644 --- a/logan/helm-chart/templates/fluentd-deployment.yaml +++ b/charts/logan/templates/fluentd-deployment.yaml @@ -1,41 +1,41 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + --- {{- $authtype := .Values.authtype | lower }} {{- $imagePullSecrets := .Values.image.imagePullSecrets }} +{{- $resourceNamePrefix := (include "logan.resourceNamePrefix" .) }} apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "oci-la-fluentd.name" . }}-deployment - namespace: {{ default "kube-system" .Values.namespace }} + name: {{ $resourceNamePrefix }}-logan + namespace: {{ include "logan.namespace" . }} labels: - app: {{ include "oci-la-fluentd.name" . }}-objects + app: {{ $resourceNamePrefix }}-logan version: v1 spec: selector: matchLabels: - app: {{ include "oci-la-fluentd.name" . }}-objects + app: {{ $resourceNamePrefix }}-logan version: v1 template: metadata: annotations: {{- if eq $authtype "config" }} - checksum/secrets: {{ include (print $.Template.BasePath "/oci-config-secrets.yaml") . | sha256sum }} + checksum/secrets: {{ include (print $.Template.BasePath "/oci-config-secret.yaml") . | sha256sum }} {{- end}} - checksum/configmap: {{ include (print $.Template.BasePath "/configmap-objects.yaml") . | sha256sum }} + checksum/configmap: {{ include (print $.Template.BasePath "/objects-configmap.yaml") . | sha256sum }} labels: - app: {{ include "oci-la-fluentd.name" . }}-objects + app: {{ $resourceNamePrefix }}-logan version: v1 spec: - {{- if .Values.createServiceAccount }} - serviceAccountName: {{ include "oci-la-fluentd.name" . }}-serviceaccount - {{- else }} - serviceAccountName: "{{ .Values.serviceAccount | required (printf "serviceAccount is required when createServiceAccount is false") }}" - {{- end }} - {{- if $imagePullSecrets }} - imagePullSecrets: + serviceAccountName: {{ include "logan.serviceAccount" . }} + {{- if $imagePullSecrets }} + imagePullSecrets: - name: {{ .Values.image.imagePullSecrets }} {{- end}} containers: - - name: {{ include "oci-la-fluentd.name" . }}-objects + - name: {{ $resourceNamePrefix }}-fluentd image: {{ .Values.image.url }} imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }} env: @@ -50,13 +50,13 @@ spec: - name: FLUENT_OCI_NAMESPACE value: {{ .Values.ociLANamespace }} - name: FLUENT_OCI_KUBERNETES_CLUSTER_ID - value: {{ .Values.kubernetesClusterID }} + value: {{ include "logan.kubernetesClusterId" . }} - name: FLUENT_OCI_KUBERNETES_CLUSTER_NAME - value: {{ .Values.kubernetesClusterName }} + value: {{ include "logan.kubernetesClusterName" . }} {{- if eq $authtype "config" }} - name: FLUENT_OCI_CONFIG_LOCATION value: {{ .Values.oci.path }}/{{ .Values.oci.file }} - {{- end }} + {{- end }} {{- if .Values.extraEnv }} {{- toYaml .Values.extraEnv | nindent 10 }} {{- end }} @@ -95,10 +95,10 @@ spec: projected: sources: - secret: - name: {{ include "oci-la-fluentd.name" . }}-credentials-secret + name: {{ $resourceNamePrefix }}-oci-config {{- end }} # Mount directory where fluentd config exists - name: fluentdconfigdir configMap: # Provide the name of the ConfigMap to mount. - name: {{ include "oci-la-fluentd.name" . }}-objects-configmap + name: {{ $resourceNamePrefix }}-objects diff --git a/logan/helm-chart/templates/configmap-logs.yaml b/charts/logan/templates/logs-configmap.yaml similarity index 80% rename from logan/helm-chart/templates/configmap-logs.yaml rename to charts/logan/templates/logs-configmap.yaml index 89286305..4c3adcc0 100644 --- a/logan/helm-chart/templates/configmap-logs.yaml +++ b/charts/logan/templates/logs-configmap.yaml @@ -1,14 +1,19 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +{{- $kubernetesClusterName := (include "logan.kubernetesClusterName" .) }} +{{- $kubernetesClusterId := (include "logan.kubernetesClusterId" .) }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "oci-la-fluentd.name" . }}-logs-configmap - namespace: {{ default "kube-system" .Values.namespace }} + name: {{ include "logan.resourceNamePrefix" . }}-logs + namespace: {{ include "logan.namespace" . }} data: # file-like keys fluent.conf: | {{- $authtype := .Values.authtype | lower }} @include kubernetes.conf - + # Filter to add kubernetes metadata @type kubernetes_metadata @@ -28,13 +33,13 @@ data: de_dot false annotation_match [ ".*" ] - + # Match block to ensure all the logs including concat plugin timeout logs will have same label @type relabel @label @NORMAL - + # Match block to set info required for oci-logging-analytics fluentd output plugin