openstack-helm/fluentd/values.yaml

# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the 'License');
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an 'AS IS' BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for fluentbit and fluentd.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

release_group: null

labels:
  fluentd:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  prometheus_fluentd_exporter:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled

images:
  tags:
    fluentd: docker.io/fluent/fluentd-kubernetes-daemonset:v1.2-debian-elasticsearch
    prometheus_fluentd_exporter: docker.io/bitnami/fluentd-exporter:0.2.0
    dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
    helm_tests: docker.io/openstackhelm/heat:newton-ubuntu_xenial
    elasticsearch_template: docker.io/openstackhelm/heat:newton-ubuntu_xenial
    image_repo_sync: docker.io/docker:17.07.0
  pull_policy: IfNotPresent
  local_registry:
    active: false
    exclude:
      - dep_check
      - image_repo_sync

secrets:
  elasticsearch:
    user: fluentd-elasticsearch-user

dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - fluentd-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
  static:
    fluentd:
      services: null
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry
    prometheus_fluentd_exporter:
      services:
        - endpoint: internal
          service: fluentd

conf:
  fluentd:
    template: |
      <source>
        bind 0.0.0.0
        port 24220
        @type monitor_agent
      </source>

      <source>
        bind 0.0.0.0
        port "#{ENV['FLUENTD_PORT']}"
        @type forward
      </source>

      <match fluent.**>
        @type null
      </match>

      <match kube.var.log.containers.**.log>
        <rule>
          key log
          pattern /info/i
          tag info.${tag}
        </rule>
        <rule>
          key log
          pattern /warn/i
          tag warn.${tag}
        </rule>
        <rule>
          key log
          pattern /error/i
          tag error.${tag}
        </rule>
        <rule>
          key log
          pattern /critical/i
          tag critical.${tag}
        </rule>
        <rule>
          key log
          pattern (.+)
          tag info.${tag}
        </rule>
        @type rewrite_tag_filter
      </match>

      <filter **.kube.var.log.containers.**.log>
        enable_ruby true
        <record>
          application ${record["kubernetes"]["labels"]["application"]}
          level ${tag_parts[0]}
        </record>
        @type record_transformer
      </filter>

      <filter openstack.**>
        <record>
          application ${tag_parts[1]}
        </record>
        @type record_transformer
      </filter>

      <match openstack.**>
        <rule>
          key level
          pattern INFO
          tag info.${tag}
        </rule>
        <rule>
          key level
          pattern WARN
          tag warn.${tag}
        </rule>
        <rule>
          key level
          pattern ERROR
          tag error.${tag}
        </rule>
        <rule>
          key level
          pattern CRITICAL
          tag critical.${tag}
        </rule>
        @type rewrite_tag_filter
      </match>

      <match *.openstack.**>
        <rule>
          key application
          pattern keystone
          tag auth.${tag}
        </rule>
        <rule>
          key application
          pattern horizon
          tag auth.${tag}
        </rule>
        <rule>
          key application
          pattern mariadb
          tag auth.${tag}
        </rule>
        <rule>
          key application
          pattern memcached
          tag auth.${tag}
        </rule>
        <rule>
          key application
          pattern rabbitmq
          tag auth.${tag}
        </rule>
        @type rewrite_tag_filter
      </match>

      <match libvirt>
        <buffer>
          chunk_limit_size 8MB
          flush_interval 15s
          flush_thread_count 8
          queue_limit_length 256
          retry_forever false
          retry_max_interval 30
        </buffer>
        host "#{ENV['ELASTICSEARCH_HOST']}"
        include_tag_key true
        logstash_format true
        logstash_prefix libvirt
        password "#{ENV['ELASTICSEARCH_PASSWORD']}"
        port "#{ENV['ELASTICSEARCH_PORT']}"
        @type elasticsearch
        user "#{ENV['ELASTICSEARCH_USERNAME']}"
      </match>

      <match qemu>
        <buffer>
          chunk_limit_size 8MB
          flush_interval 15s
          flush_thread_count 8
          queue_limit_length 256
          retry_forever false
          retry_max_interval 30
        </buffer>
        host "#{ENV['ELASTICSEARCH_HOST']}"
        include_tag_key true
        logstash_format true
        logstash_prefix qemu
        password "#{ENV['ELASTICSEARCH_PASSWORD']}"
        port "#{ENV['ELASTICSEARCH_PORT']}"
        @type elasticsearch
        user "#{ENV['ELASTICSEARCH_USERNAME']}"
      </match>

      <match journal.**>
        <buffer>
          chunk_limit_size 8MB
          flush_interval 15s
          flush_thread_count 8
          queue_limit_length 256
          retry_forever false
          retry_max_interval 30
        </buffer>
        host "#{ENV['ELASTICSEARCH_HOST']}"
        include_tag_key true
        logstash_format true
        logstash_prefix journal
        password "#{ENV['ELASTICSEARCH_PASSWORD']}"
        port "#{ENV['ELASTICSEARCH_PORT']}"
        @type elasticsearch
        user "#{ENV['ELASTICSEARCH_USERNAME']}"
      </match>

      <match kernel>
        <buffer>
          chunk_limit_size 8MB
          flush_interval 15s
          flush_thread_count 8
          queue_limit_length 256
          retry_forever false
          retry_max_interval 30
        </buffer>
        host "#{ENV['ELASTICSEARCH_HOST']}"
        include_tag_key true
        logstash_format true
        logstash_prefix kernel
        password "#{ENV['ELASTICSEARCH_PASSWORD']}"
        port "#{ENV['ELASTICSEARCH_PORT']}"
        @type elasticsearch
        user "#{ENV['ELASTICSEARCH_USERNAME']}"
      </match>

      <match **>
        <buffer>
          chunk_limit_size 8MB
          flush_interval 15s
          flush_thread_count 8
          queue_limit_length 256
          retry_forever false
          retry_max_interval 30
        </buffer>
        flush_interval 15s
        host "#{ENV['ELASTICSEARCH_HOST']}"
        include_tag_key true
        logstash_format true
        password "#{ENV['ELASTICSEARCH_PASSWORD']}"
        port "#{ENV['ELASTICSEARCH_PORT']}"
        @type elasticsearch
        type_name fluent
        user "#{ENV['ELASTICSEARCH_USERNAME']}"
      </match>
  fluentbit:
    template: |
      [SERVICE]
          Daemon false
          Flush 30
          Log_Level info
          Parsers_File parsers.conf

      [INPUT]
          Buffer_Chunk_Size 1M
          Buffer_Max_Size 1M
          Mem_Buf_Limit 5MB
          Name tail
          Path /var/log/kern.log
          Tag kernel

      [INPUT]
          Buffer_Chunk_Size 1M
          Buffer_Max_Size 1M
          Mem_Buf_Limit 5MB
          Name tail
          Parser docker
          Path /var/log/containers/*.log
          Tag kube.*

      [INPUT]
          Buffer_Chunk_Size 1M
          Buffer_Max_Size 1M
          Mem_Buf_Limit 5MB
          Name tail
          Path /var/log/libvirt/libvirtd.log
          Tag libvirt

      [INPUT]
          Buffer_Chunk_Size 1M
          Buffer_Max_Size 1M
          Mem_Buf_Limit 5MB
          Name tail
          Path /var/log/libvirt/qemu/*.log
          Tag qemu

      [INPUT]
          Buffer_Chunk_Size 1M
          Buffer_Max_Size 1M
          Mem_Buf_Limit 5MB
          Name systemd
          Path ${JOURNAL_PATH}
          Systemd_Filter _SYSTEMD_UNIT=kubelet.service
          Tag journal.*

      [INPUT]
          Buffer_Chunk_Size 1M
          Buffer_Max_Size 1M
          Mem_Buf_Limit 5MB
          Name systemd
          Path ${JOURNAL_PATH}
          Systemd_Filter _SYSTEMD_UNIT=docker.service
          Tag journal.*

      [FILTER]
          Interval 1s
          Match **
          Name throttle
          Rate 1000
          Window 300

      [FILTER]
          Match libvirt
          Name record_modifier
          Record hostname ${HOSTNAME}

      [FILTER]
          Match qemu
          Name record_modifier
          Record hostname ${HOSTNAME}

      [FILTER]
          Match kernel
          Name record_modifier
          Record hostname ${HOSTNAME}

      [FILTER]
          Match journal.**
          Name modify
          Rename _BOOT_ID BOOT_ID
          Rename _CAP_EFFECTIVE CAP_EFFECTIVE
          Rename _CMDLINE CMDLINE
          Rename _COMM COMM
          Rename _EXE EXE
          Rename _GID GID
          Rename _HOSTNAME HOSTNAME
          Rename _MACHINE_ID MACHINE_ID
          Rename _PID PID
          Rename _SYSTEMD_CGROUP SYSTEMD_CGROUP
          Rename _SYSTEMD_SLICE SYSTEMD_SLICE
          Rename _SYSTEMD_UNIT SYSTEMD_UNIT
          Rename _TRANSPORT TRANSPORT
          Rename _UID UID

      [OUTPUT]
          Match **.fluentd**
          Name null

      [FILTER]
          Match kube.*
          Merge_JSON_Log true
          Name kubernetes

      [OUTPUT]
          Host ${FLUENTD_HOST}
          Match *
          Name forward
          Port ${FLUENTD_PORT}
  parsers:
    template: |
      [PARSER]
        Decode_Field_As escaped_utf8 log
        Format json
        Name docker
        Time_Format %Y-%m-%dT%H:%M:%S.%L
        Time_Keep true
        Time_Key time
  fluentd_exporter:
    log:
      format: "logger:stdout?json=true"
      level: "info"

endpoints:
  cluster_domain_suffix: cluster.local
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000
  elasticsearch:
    namespace: null
    name: elasticsearch
    auth:
      admin:
        username: admin
        password: changeme
    hosts:
      data: elasticsearch-data
      default: elasticsearch-logging
      discovery: elasticsearch-discovery
      public: elasticsearch
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme:
      default: http
    port:
      http:
        default: 80
  fluentd:
    namespace: null
    name: fluentd
    hosts:
      default: fluentd-logging
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme:
      default: http
    port:
      service:
        default: 24224
      metrics:
        default: 24220
  prometheus_fluentd_exporter:
    namespace: null
    hosts:
      default: fluentd-exporter
    host_fqdn_override:
      default: null
    path:
      default: /metrics
    scheme:
      default: 'http'
    port:
      metrics:
        default: 9309

monitoring:
  prometheus:
    enabled: false
    fluentd_exporter:
      scrape: true

network:
  fluentd:
    node_port:
      enabled: false
      port: 32329

network_policy:
  prometheus-fluentd-exporter:
    ingress:
      - {}
    egress:
      - {}
  fluentd:
    ingress:
      - {}
    egress:
      - {}

pod:
  security_context:
    fluentd:
      pod:
        runAsUser: 65534
      container:
        fluentd:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    exporter:
      pod:
        runAsUser: 65534
      container:
        fluentd_exporter:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
  affinity:
    anti:
      type:
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
      weight:
        default: 10
  lifecycle:
    upgrades:
      deployments:
        revision_history: 3
        pod_replacement_strategy: RollingUpdate
        rolling_update:
          max_unavailable: 1
          max_surge: 3
    termination_grace_period:
      fluentd:
        timeout: 30
      prometheus_fluentd_exporter:
        timeout: 30
  replicas:
    fluentd: 3
    prometheus_fluentd_exporter: 1
  resources:
    enabled: false
    fluentd:
      limits:
        memory: '1024Mi'
        cpu: '2000m'
      requests:
        memory: '128Mi'
        cpu: '500m'
    prometheus_fluentd_exporter:
      limits:
        memory: "1024Mi"
        cpu: "2000m"
      requests:
        memory: "128Mi"
        cpu: "500m"
  mounts:
    fluentd:
      fluentd:

manifests:
  configmap_bin: true
  configmap_etc: true
  deployment_fluentd: true
  job_image_repo_sync: true
  monitoring:
    prometheus:
      configmap_bin_exporter: true
      deployment_exporter: true
      network_policy_exporter: false
      service_exporter: true
  network_policy: false
  secret_elasticsearch: true
  service_fluentd: true