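# Copyright (c) 2022, 2023, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.

# DaemonSet template of the verrazzano-fluentd chart: one fluentd log collector
# pod per node, reading host log directories and shipping to the endpoint given
# in ELASTICSEARCH_URL.
#
# Templated scalars that must be strings (env values, the checksum annotation)
# are piped through "quote" so that a numeric- or boolean-looking value, such as
# an all-digit cluster name or a hex hash that reads as a float, still renders
# as a string.

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: {{ .Values.logging.name }}
  namespace: {{ .Release.Namespace }}
  labels:
    app: fluentd
spec:
  selector:
    matchLabels:
      app: fluentd
  template:
    metadata:
      annotations:
        sidecar.istio.io/inject: "true"
        # Hash of the rendered fluentd config ConfigMap; a config change alters
        # the pod template and so triggers a rolling restart.
        verrazzano.io/cmChecksum: {{ include (print $.Template.BasePath "/fluentd-config-configmap.yaml") . | sha256sum | quote }}
      labels:
        app: fluentd
    spec:
      initContainers:
        # Runs /init/init.sh from the init ConfigMap as a fixed non-root
        # UID/GID with every capability dropped. It shares the cacerts emptyDir
        # with the main container (presumably to assemble the CA bundle named
        # in CA_FILE; the script is not part of this template).
        - name: cacert-init
          command: ["/init/init.sh"]
          image: {{ .Values.logging.fluentdImage }}
          imagePullPolicy: IfNotPresent
          securityContext:
            runAsNonRoot: true
            runAsUser: 999
            runAsGroup: 997
            privileged: false
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          volumeMounts:
            - mountPath: /init
              name: {{ .Values.logging.name }}-init
              readOnly: true
            - name: cacerts
              mountPath: /fluentd/cacerts
            - mountPath: /fluentd/secret
              name: secret-volume
              readOnly: true
      containers:
        - args:
            - -c
            - /etc/fluentd.conf
          env:
            - name: FLUENTD_CONF
              value: fluentd-standalone.conf
            - name: FLUENT_ELASTICSEARCH_SED_DISABLE
              value: "true"
            - name: ELASTICSEARCH_URL
              value: {{ .Values.logging.osURL | quote }}
            - name: CLUSTER_NAME
              value: {{ .Values.logging.clusterName | quote }}
            # Credentials are read from a secret and are optional: the pod still
            # starts when the secret or key is missing, with the variable unset.
            - name: ELASTICSEARCH_USER
              valueFrom:
                secretKeyRef:
                  key: {{ .Values.logging.usernameKey }}
                  name: {{ .Values.logging.credentialsSecret }}
                  optional: true
            - name: ELASTICSEARCH_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: {{ .Values.logging.passwordKey }}
                  name: {{ .Values.logging.credentialsSecret }}
                  optional: true
            - name: CA_FILE
              value: /fluentd/cacerts/all-ca-certs.pem
            - name: CONFIG_HASH
            {{- if .Values.logging.configHash }}
              value: {{ .Values.logging.configHash | quote }}
            {{- else }}
              value: none
            {{- end }}
            - name: K8S_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          image: {{ .Values.logging.fluentdImage }}
          imagePullPolicy: IfNotPresent
          # Unlike the init container, no runAsUser/runAsNonRoot is set here, so
          # the user comes from the image (the /root/.oci mount below suggests
          # root; confirm against the image).
          securityContext:
            {{- if .Values.seLinuxOptions }}
            seLinuxOptions:
              type: {{ .Values.seLinuxOptions.type }}
              level: {{ .Values.seLinuxOptions.level }}
              role: {{ .Values.seLinuxOptions.role }}
              user: {{ .Values.seLinuxOptions.user }}
            {{- end }}
            privileged: false
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
              # DAC_OVERRIDE bypasses file permission checks; presumably needed
              # to read host log files owned by other users (confirm). Together
              # with the writable /var/log mount it is the widest privilege in
              # this pod.
              add:
                - DAC_OVERRIDE
          ports:
            - containerPort: 24231
              name: http-metrics
              protocol: TCP
          name: {{ .Values.logging.name }}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - name: cacerts
              mountPath: /fluentd/cacerts
            - mountPath: /fluentd/secret
              name: secret-volume
              readOnly: true
            {{- if .Values.fluentd.oci }}
            {{- if .Values.fluentd.oci.apiSecret }}
            - mountPath: /root/.oci
              name: oci-secret-volume
              readOnly: true
            {{- end }}
            {{- end }}
            - mountPath: /fluentd/etc
              name: {{ .Values.logging.name }}-config
              readOnly: true
            # NOTE(review): host /var/log is the only host path mounted
            # read-write; presumably fluentd keeps position or buffer files
            # there (confirm). A narrower writable path would reduce what the
            # container can change on the node.
            - mountPath: /var/log
              name: varlog
              readOnly: false
            - mountPath: /var/lib
              name: varlib
              readOnly: true
            - mountPath: /run/log/journal
              name: run-log-journal
              readOnly: true
            {{- if .Values.fluentd.extraVolumeMounts }}
            {{- range $i, $e := .Values.fluentd.extraVolumeMounts }}
            # readOnly is taken from the values entry as given. NOTE(review): an
            # entry that omits it presumably renders an empty value, which
            # Kubernetes treats as read-write; confirm the caller always sets it.
            - mountPath: {{ $e.destination }}
              name: extra-volume-{{ $i }}
              readOnly: {{ $e.readOnly }}
            {{- end }}
            {{- end }}
      serviceAccountName: fluentd
      terminationGracePeriodSeconds: 30
      # Pod-level seccomp profile; applies to both containers above.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      volumes:
        - configMap:
            # Octal literal (rwxr-xr-x) so init.sh is executable. The field is
            # an integer; do not quote it.
            defaultMode: 0755
            name: {{ .Values.logging.name }}-init
          name: {{ .Values.logging.name }}-init
        - name: cacerts
          emptyDir: {}
        - name: secret-volume
          secret:
            secretName: {{ .Values.logging.credentialsSecret }}
            optional: true
        {{- if .Values.fluentd.oci }}
        {{- if .Values.fluentd.oci.apiSecret }}
        - name: oci-secret-volume
          secret:
            secretName: {{ .Values.fluentd.oci.apiSecret }}
        {{- end }}
        {{- end }}
        - configMap:
            name: {{ .Values.logging.name }}-config
          name: {{ .Values.logging.name }}-config
        # hostPath type "" performs no check on the path before mounting it.
        - hostPath:
            path: /var/log
            type: ""
          name: varlog
        - hostPath:
            path: /var/lib
            type: ""
          name: varlib
        - hostPath:
            path: /run/log/journal
            type: ""
          name: run-log-journal
        {{- if .Values.fluentd.extraVolumeMounts }}
        {{- range $i, $e := .Values.fluentd.extraVolumeMounts }}
        # Host path comes straight from chart values: whoever can set
        # fluentd.extraVolumeMounts chooses which node directories are exposed
        # to the collector.
        - hostPath:
            path: {{ $e.source }}
            type: ""
          name: extra-volume-{{ $i }}
        {{- end }}
        {{- end }}
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate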