diff options
Diffstat (limited to 'roles/openshift_logging/templates')
-rw-r--r-- | roles/openshift_logging/templates/curator.j2 | 5 | ||||
-rw-r--r-- | roles/openshift_logging/templates/elasticsearch.yml.j2 | 5 | ||||
-rw-r--r-- | roles/openshift_logging/templates/es.j2 | 10 | ||||
-rw-r--r-- | roles/openshift_logging/templates/fluentd.j2 | 18 | ||||
-rw-r--r-- | roles/openshift_logging/templates/kibana.j2 | 35 | ||||
-rw-r--r-- | roles/openshift_logging/templates/mux.j2 | 121 | ||||
-rw-r--r-- | roles/openshift_logging/templates/service.j2 | 6 |
7 files changed, 183 insertions, 17 deletions
diff --git a/roles/openshift_logging/templates/curator.j2 b/roles/openshift_logging/templates/curator.j2 index a0fefd882..c6284166b 100644 --- a/roles/openshift_logging/templates/curator.j2 +++ b/roles/openshift_logging/templates/curator.j2 @@ -89,9 +89,6 @@ spec: - name: config mountPath: /etc/curator/settings readOnly: true - - name: elasticsearch-storage - mountPath: /elasticsearch/persistent - readOnly: true volumes: - name: certs secret: @@ -99,5 +96,3 @@ spec: - name: config configMap: name: logging-curator - - name: elasticsearch-storage - emptyDir: {} diff --git a/roles/openshift_logging/templates/elasticsearch.yml.j2 b/roles/openshift_logging/templates/elasticsearch.yml.j2 index 93c4d854c..355642cb7 100644 --- a/roles/openshift_logging/templates/elasticsearch.yml.j2 +++ b/roles/openshift_logging/templates/elasticsearch.yml.j2 @@ -28,11 +28,10 @@ cloud: discovery: type: kubernetes zen.ping.multicast.enabled: false - zen.minimum_master_nodes: {{es_min_masters}} + zen.minimum_master_nodes: ${NODE_QUORUM} gateway: - expected_master_nodes: ${NODE_QUORUM} - recover_after_nodes: ${RECOVER_AFTER_NODES} + recover_after_nodes: ${NODE_QUORUM} expected_nodes: ${RECOVER_EXPECTED_NODES} recover_after_time: ${RECOVER_AFTER_TIME} diff --git a/roles/openshift_logging/templates/es.j2 b/roles/openshift_logging/templates/es.j2 index 16185fc1d..680c16cf4 100644 --- a/roles/openshift_logging/templates/es.j2 +++ b/roles/openshift_logging/templates/es.j2 @@ -78,9 +78,6 @@ spec: name: "NODE_QUORUM" value: "{{es_node_quorum | int}}" - - name: "RECOVER_AFTER_NODES" - value: "{{es_recover_after_nodes}}" - - name: "RECOVER_EXPECTED_NODES" value: "{{es_recover_expected_nodes}}" - @@ -95,6 +92,13 @@ spec: readOnly: true - name: elasticsearch-storage mountPath: /elasticsearch/persistent + readinessProbe: + exec: + command: + - "/usr/share/elasticsearch/probe/readiness.sh" + initialDelaySeconds: 5 + timeoutSeconds: 4 + periodSeconds: 5 volumes: - name: elasticsearch secret: diff --git a/roles/openshift_logging/templates/fluentd.j2 b/roles/openshift_logging/templates/fluentd.j2 index 0bf1686ad..5c93d823e 100644 --- a/roles/openshift_logging/templates/fluentd.j2 +++ b/roles/openshift_logging/templates/fluentd.j2 @@ -59,6 +59,14 @@ spec: - name: dockercfg mountPath: /etc/sysconfig/docker readOnly: true + - name: dockerdaemoncfg + mountPath: /etc/docker + readOnly: true +{% if openshift_logging_use_mux_client | bool %} + - name: muxcerts + mountPath: /etc/fluent/muxkeys + readOnly: true +{% endif %} env: - name: "K8S_HOST_URL" value: "{{openshift_logging_master_url}}" @@ -122,6 +130,8 @@ spec: value: "{{openshift_logging_fluentd_journal_source | default('')}}" - name: "JOURNAL_READ_FROM_HEAD" value: "{{openshift_logging_fluentd_journal_read_from_head|lower}}" + - name: "USE_MUX_CLIENT" + value: "{{openshift_logging_use_mux_client| default('false')}}" volumes: - name: runlogjournal hostPath: @@ -147,3 +157,11 @@ spec: - name: dockercfg hostPath: path: /etc/sysconfig/docker + - name: dockerdaemoncfg + hostPath: + path: /etc/docker +{% if openshift_logging_use_mux_client | bool %} + - name: muxcerts + secret: + secretName: logging-mux +{% endif %} diff --git a/roles/openshift_logging/templates/kibana.j2 b/roles/openshift_logging/templates/kibana.j2 index e6ecf82ff..25fab9ac4 100644 --- a/roles/openshift_logging/templates/kibana.j2 +++ b/roles/openshift_logging/templates/kibana.j2 @@ -44,15 +44,19 @@ spec: {% if kibana_cpu_limit is not none %} cpu: "{{kibana_cpu_limit}}" {% endif %} -{% if kibana_memory_limit is not none %} - memory: "{{kibana_memory_limit}}" -{% endif %} + memory: "{{kibana_memory_limit | default('736Mi') }}" {% endif %} env: - name: "ES_HOST" value: "{{es_host}}" - name: "ES_PORT" value: "{{es_port}}" + - + name: "KIBANA_MEMORY_LIMIT" + valueFrom: + resourceFieldRef: + containerName: kibana + resource: limits.memory volumeMounts: - name: kibana mountPath: /etc/kibana/keys @@ -67,9 +71,7 @@ spec: {% if kibana_proxy_cpu_limit is not none %} cpu: "{{kibana_proxy_cpu_limit}}" {% endif %} -{% if kibana_proxy_memory_limit is not none %} - memory: "{{kibana_proxy_memory_limit}}" -{% endif %} + memory: "{{kibana_proxy_memory_limit | default('96Mi') }}" {% endif %} ports: - @@ -103,6 +105,27 @@ spec: - name: "OAP_DEBUG" value: "{{openshift_logging_kibana_proxy_debug}}" + - + name: "OAP_OAUTH_SECRET_FILE" + value: "/secret/oauth-secret" + - + name: "OAP_SERVER_CERT_FILE" + value: "/secret/server-cert" + - + name: "OAP_SERVER_KEY_FILE" + value: "/secret/server-key" + - + name: "OAP_SERVER_TLS_FILE" + value: "/secret/server-tls.json" + - + name: "OAP_SESSION_SECRET_FILE" + value: "/secret/session-secret" + - + name: "OCP_AUTH_PROXY_MEMORY_LIMIT" + valueFrom: + resourceFieldRef: + containerName: kibana-proxy + resource: limits.memory volumeMounts: - name: kibana-proxy mountPath: /secret diff --git a/roles/openshift_logging/templates/mux.j2 b/roles/openshift_logging/templates/mux.j2 new file mode 100644 index 000000000..41e6abd52 --- /dev/null +++ b/roles/openshift_logging/templates/mux.j2 @@ -0,0 +1,121 @@ +apiVersion: "v1" +kind: "DeploymentConfig" +metadata: + name: "{{deploy_name}}" + labels: + provider: openshift + component: "{{component}}" + logging-infra: "{{logging_component}}" +spec: + replicas: {{replicas|default(0)}} + selector: + provider: openshift + component: "{{component}}" + logging-infra: "{{logging_component}}" + strategy: + rollingParams: + intervalSeconds: 1 + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + name: "{{deploy_name}}" + labels: + logging-infra: "{{logging_component}}" + provider: openshift + component: "{{component}}" + spec: + serviceAccountName: aggregated-logging-fluentd +{% if mux_node_selector is iterable and mux_node_selector | length > 0 %} + nodeSelector: +{% for key, value in mux_node_selector.iteritems() %} + {{key}}: "{{value}}" +{% endfor %} +{% endif %} + containers: + - name: "mux" + image: {{image}} + imagePullPolicy: Always +{% if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_limit is defined and mux_cpu_limit is not none) %} + resources: + limits: +{% if mux_cpu_limit is not none %} + cpu: "{{mux_cpu_limit}}" +{% endif %} +{% if mux_memory_limit is not none %} + memory: "{{mux_memory_limit}}" +{% endif %} +{% endif %} + ports: + - containerPort: "{{ openshift_logging_mux_port }}" + name: mux-forward + volumeMounts: + - name: config + mountPath: /etc/fluent/configs.d/user + readOnly: true + - name: certs + mountPath: /etc/fluent/keys + readOnly: true + - name: dockerhostname + mountPath: /etc/docker-hostname + readOnly: true + - name: localtime + mountPath: /etc/localtime + readOnly: true + - name: muxcerts + mountPath: /etc/fluent/muxkeys + readOnly: true + env: + - name: "K8S_HOST_URL" + value: "{{openshift_logging_master_url}}" + - name: "ES_HOST" + value: "{{openshift_logging_es_host}}" + - name: "ES_PORT" + value: "{{openshift_logging_es_port}}" + - name: "ES_CLIENT_CERT" + value: "{{openshift_logging_es_client_cert}}" + - name: "ES_CLIENT_KEY" + value: "{{openshift_logging_es_client_key}}" + - name: "ES_CA" + value: "{{openshift_logging_es_ca}}" + - name: "OPS_HOST" + value: "{{ops_host}}" + - name: "OPS_PORT" + value: "{{ops_port}}" + - name: "OPS_CLIENT_CERT" + value: "{{openshift_logging_es_ops_client_cert}}" + - name: "OPS_CLIENT_KEY" + value: "{{openshift_logging_es_ops_client_key}}" + - name: "OPS_CA" + value: "{{openshift_logging_es_ops_ca}}" + - name: "USE_JOURNAL" + value: "false" + - name: "JOURNAL_SOURCE" + value: "{{openshift_logging_fluentd_journal_source | default('')}}" + - name: "JOURNAL_READ_FROM_HEAD" + value: "{{openshift_logging_fluentd_journal_read_from_head|lower}}" + - name: FORWARD_LISTEN_HOST + value: "{{ openshift_logging_mux_hostname }}" + - name: FORWARD_LISTEN_PORT + value: "{{ openshift_logging_mux_port }}" + - name: USE_MUX + value: "true" + - name: MUX_ALLOW_EXTERNAL + value: "{{ openshift_logging_mux_allow_external| default('false') }}" + volumes: + - name: config + configMap: + name: logging-mux + - name: certs + secret: + secretName: logging-fluentd + - name: dockerhostname + hostPath: + path: /etc/hostname + - name: localtime + hostPath: + path: /etc/localtime + - name: muxcerts + secret: + secretName: logging-mux diff --git a/roles/openshift_logging/templates/service.j2 b/roles/openshift_logging/templates/service.j2 index 6c4ec0c76..70644a39c 100644 --- a/roles/openshift_logging/templates/service.j2 +++ b/roles/openshift_logging/templates/service.j2 @@ -26,3 +26,9 @@ spec: {% for key, value in selector.iteritems() %} {{key}}: {{value}} {% endfor %} +{% if externalIPs is defined -%} + externalIPs: +{% for ip in externalIPs %} + - {{ ip }} +{% endfor %} +{% endif %} |