├── .bumpversion.cfg ├── .drone.yml ├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md └── pull_request_template.md ├── .gitignore ├── .rules └── .luacheckrc ├── LICENSE ├── Makefile ├── README.md ├── build └── builder │ └── Dockerfile ├── docs ├── COMPATIBILITY_MATRIX.md ├── CONTRIBUTING.md ├── images │ └── diagram.png └── releases │ ├── unreleased.md │ ├── v1.10.0.md │ ├── v1.10.1.md │ ├── v1.10.2.md │ ├── v1.2.0.md │ ├── v1.2.1.md │ ├── v1.3.0.md │ ├── v1.3.1.md │ ├── v1.4.0.md │ ├── v1.5.0.md │ ├── v1.6.0.md │ ├── v1.7.0.md │ ├── v1.7.1.md │ ├── v1.8.0.md │ ├── v1.9.0.md │ ├── v1.9.1.md │ ├── v1.9.2.md │ ├── v2.0.0.md │ ├── v2.0.1.md │ ├── v2.0.2.md │ ├── v2.0.3.md │ ├── v3.0.0.md │ ├── v3.0.1.md │ ├── v3.0.2.md │ ├── v3.0.3.md │ ├── v3.1.0.md │ ├── v3.1.1.md │ ├── v3.1.2.md │ ├── v3.1.3.md │ ├── v3.2.0.md │ ├── v3.2.1.md │ ├── v3.3.0.md │ ├── v3.3.1.md │ ├── v3.4.0.md │ ├── v3.4.1.md │ ├── v4.0.0.md │ ├── v5.0.0.md │ └── v5.1.0.md ├── examples ├── registry-override │ ├── README.md │ ├── opensearch-dashboards │ │ └── kustomization.yaml │ ├── opensearch-single │ │ └── kustomization.yaml │ └── opensearch-triple │ │ └── kustomization.yaml └── tolerations │ ├── README.md │ ├── configs │ ├── kubernetes-event-tailer.yml │ └── kustomization.yaml │ ├── logging-operated │ ├── fluentd.yml │ ├── kustomization.yaml │ └── minio.yml │ └── logging-operator │ ├── kustomization.yaml │ └── logging-operator.yml └── katalog ├── .DS_Store ├── configs ├── README.md ├── audit │ ├── audit-hosttailer.yml │ ├── audit-index-template.json │ ├── flow.yml │ ├── kustomization.yaml │ └── output.yml ├── events │ ├── events-index-template.json │ ├── flow.yml │ ├── kubernetes-eventtailer.yml │ ├── kustomization.yaml │ └── output.yml ├── infra │ ├── cluster-flow.yml │ ├── cluster-output.yml │ ├── infra-index-template.json │ └── kustomization.yaml ├── ingress-nginx │ ├── flow.yml │ ├── ingress-controller-index-template.json │ ├── kustomization.yaml │ └── output.yml ├── kubernetes │ ├── cluster-flow.yml │ ├── cluster-output.yml │ ├── kubernetes-index-template.json │ └── kustomization.yaml ├── kustomization.yaml └── systemd │ ├── common │ ├── flow.yml │ ├── hosttrailer.yml │ ├── kustomization.yaml │ ├── output.yml │ └── systemd-index-template.json │ ├── etcd │ ├── flow.yml │ ├── hosttrailer.yml │ ├── kustomization.yaml │ └── output.yml │ └── kustomization.yaml ├── logging-operated ├── MAINTENANCE.md ├── README.md ├── dashboards │ ├── dashboard-logging.json │ └── kustomization.yaml ├── errors-cluster-output.yml ├── fluentd-fluentbit.yml ├── kustomization.yaml └── minio-credentials.env ├── logging-operator ├── .DS_Store ├── MAINTENANCE.md ├── MAINTENANCE.values.yaml ├── README.md ├── crds │ ├── kustomization.yaml │ ├── logging-extensions.banzaicloud.io_eventtailers.yaml │ ├── logging-extensions.banzaicloud.io_hosttailers.yaml │ ├── logging.banzaicloud.io_clusterflows.yaml │ ├── logging.banzaicloud.io_clusteroutputs.yaml │ ├── logging.banzaicloud.io_flows.yaml │ ├── logging.banzaicloud.io_fluentbitagents.yaml │ ├── logging.banzaicloud.io_fluentdconfigs.yaml │ ├── logging.banzaicloud.io_loggingroutes.yaml │ ├── logging.banzaicloud.io_loggings.yaml │ ├── logging.banzaicloud.io_nodeagents.yaml │ ├── logging.banzaicloud.io_outputs.yaml │ ├── logging.banzaicloud.io_syslogngclusterflows.yaml │ ├── logging.banzaicloud.io_syslogngclusteroutputs.yaml │ ├── logging.banzaicloud.io_syslogngconfigs.yaml │ ├── logging.banzaicloud.io_syslogngflows.yaml │ └── logging.banzaicloud.io_syslogngoutputs.yaml ├── deploy.yaml ├── kustomization.yaml └── ns.yml ├── loki-configs ├── README.md ├── audit │ ├── kustomization.yaml │ ├── output-json-patch.yml │ └── output.yml ├── events │ ├── kustomization.yaml │ ├── output-json-patch.yml │ └── output.yml ├── infra │ ├── cluster-output-json-patch.yml │ ├── cluster-output.yml │ └── kustomization.yaml ├── ingress-nginx │ ├── kustomization.yaml │ ├── output-json-patch.yml │ └── output.yml ├── kubernetes │ ├── cluster-output-json-patch.yml │ ├── cluster-output.yml │ └── kustomization.yaml ├── kustomization.yaml └── systemd │ ├── common │ ├── kustomization.yaml │ ├── output-json-patch.yml │ └── output.yml │ ├── etcd │ ├── kustomization.yaml │ ├── output-json-patch.yml │ └── output.yml │ └── kustomization.yaml ├── loki-distributed ├── MAINTENANCE.md ├── MAINTENANCE.values.yaml ├── README.md ├── configs │ └── config.yaml ├── datasource │ ├── kustomization.yaml │ └── loki.yaml ├── deploy.yaml ├── kustomization.yaml ├── minio-credentials.env └── service-monitor.yaml ├── minio-ha ├── MAINTENANCE.md ├── MAINTENANCE.values.yaml ├── README.md ├── deploy.yaml ├── initialize-minio-buckets.yaml ├── kustomization.yaml └── prometheusrules.yaml ├── opensearch-dashboards ├── MAINTENANCE.md ├── MAINTENANCE.values.yaml ├── README.md ├── configs │ ├── index-patterns.ndjson │ └── opensearch_dashboards.yml ├── deploy.yaml ├── index-patterns-cronjob.yml └── kustomization.yaml ├── opensearch-single ├── MAINTENANCE.md ├── MAINTENANCE.values.yaml ├── README.md ├── configs │ ├── opensearch.yml │ └── retention.json ├── deploy.yaml ├── ism-policy-cronjob.yml ├── kustomization.yaml ├── rules.yml └── sm.yml ├── opensearch-triple ├── README.md ├── kustomization.yaml └── triple.yml └── tests ├── helper.bash ├── kind └── config.yml ├── pytest.sh ├── test.py └── tests.sh /.bumpversion.cfg: -------------------------------------------------------------------------------- 1 | [bumpversion] 2 | commit = True 3 | tag = True 4 | current_version = 1.10.2 5 | parse = (?P\d+)\.(?P\d+)\.(?P\d+)(\-rc(?P\d+))? 6 | serialize = 7 | {major}.{minor}.{patch}-rc{rc} 8 | {major}.{minor}.{patch} 9 | 10 | [bumpversion:file:examples/elasticsearch-resources/Furyfile.yml] 11 | search = version: v{current_version} 12 | replace = version: v{new_version} 13 | 14 | [bumpversion:file:examples/kibana-node-selector/Furyfile.yml] 15 | search = version: v{current_version} 16 | replace = version: v{new_version} 17 | 18 | [bumpversion:file:examples/curator-s3-deployment/Furyfile.yml] 19 | search = version: v{current_version} 20 | replace = version: v{new_version} 21 | 22 | [bumpversion:file:examples/curator-s3-deployment-with-jaeger/Furyfile.yml] 23 | search = version: v{current_version} 24 | replace = version: v{new_version} 25 | 26 | [bumpversion:file:katalog/curator-s3/kustomization.yaml] 27 | search = module.kfd.sighup.io/version: "v{current_version}" 28 | replace = module.kfd.sighup.io/version: "v{new_version}" 29 | 30 | [bumpversion:file:katalog/curator/kustomization.yaml] 31 | search = module.kfd.sighup.io/version: "v{current_version}" 32 | replace = module.kfd.sighup.io/version: "v{new_version}" 33 | 34 | [bumpversion:file:katalog/elasticsearch-single/kustomization.yaml] 35 | search = module.kfd.sighup.io/version: "v{current_version}" 36 | replace = module.kfd.sighup.io/version: "v{new_version}" 37 | 38 | [bumpversion:file:katalog/kibana/kustomization.yaml] 39 | search = module.kfd.sighup.io/version: "v{current_version}" 40 | replace = module.kfd.sighup.io/version: "v{new_version}" 41 | 42 | [bumpversion:file:katalog/fluentd/kustomization.yaml] 43 | search = module.kfd.sighup.io/version: "v{current_version}" 44 | replace = module.kfd.sighup.io/version: "v{new_version}" 45 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: bug 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 25 | 26 | **Desktop (please complete the following information):** 27 | - OS: [e.g. iOS] 28 | - Browser [e.g. chrome, safari] 29 | - Version [e.g. 22] 30 | 31 | **Kubernetes (please complete the following information):** 32 | - Kubernetes version: [e.g. 1.30.0] 33 | - OPA Gatekeeper version: [e.g. 3.18.0] 34 | 35 | **Additional context** 36 | Add any other context about the problem here. 37 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: enhancement 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | 15 | 16 | ### Summary 💡 17 | 18 | 19 | 20 | 25 | Closes: 26 | 27 | 28 | 29 | Relates: 30 | 31 | 32 | ### Description 📝 33 | 34 | 42 | 43 | ### Breaking Changes 💔 44 | 45 | 51 | 52 | ### Tests performed 🧪 53 | 54 | 63 | 64 | ### Future work 🔧 65 | 66 | 70 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .pytest_cache 2 | __pycache__ 3 | 4 | .envrc 5 | .tool-versions 6 | *built* 7 | -------------------------------------------------------------------------------- /.rules/.luacheckrc: -------------------------------------------------------------------------------- 1 | exclude_files = {"katalog/fluentd/scripts/dedot.lua"} 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2019, SIGHUP 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | * Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | * Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | * Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | -------------------------------------------------------------------------------- /build/builder/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | # hadolint ignore=DL3007 6 | FROM quay.io/sighup/policeman:latest as linter 7 | 8 | ENV VALIDATE_KUBERNETES_KUBEVAL="false" 9 | ENV VALIDATE_JSCPD="false" 10 | ENV VALIDATE_DOCKERFILE="false" 11 | 12 | RUN mkdir /app 13 | WORKDIR /app 14 | 15 | COPY . . 16 | 17 | RUN npm install -g embedme@1.22.0 && /entrypoint.sh && embedme --verify "**/*.md" 18 | 19 | FROM golang:1.16 as add-license-requirement 20 | 21 | RUN go get -u github.com/google/addlicense && addlicense -c "SIGHUP s.r.l" -v -l bsd . 22 | 23 | FROM golang:1.16 as check-license 24 | 25 | RUN go get -u github.com/google/addlicense && mkdir /app 26 | 27 | WORKDIR /app 28 | 29 | COPY . . 30 | 31 | RUN addlicense -c "SIGHUP s.r.l" -v -l bsd --check . 32 | 33 | FROM openpolicyagent/conftest:v0.28.1 as checklabel 34 | 35 | RUN mkdir /app 36 | WORKDIR /app 37 | 38 | COPY . . 39 | 40 | RUN conftest pull https://raw.githubusercontent.com/sighupio/ci-commons/main/conftest/kustomization/kfd-labels.rego && \ 41 | conftest test katalog/**/kustomization.yaml 42 | 43 | FROM registry.sighup.io/poc/fury-repo-automations:v0.0.2 as jsonbuilder 44 | 45 | RUN mkdir /app 46 | WORKDIR /app 47 | 48 | COPY . . 49 | 50 | FROM python:3.9-alpine as bumpversion-requirement 51 | 52 | # hadolint ignore=DL3018 53 | RUN apk add git --no-cache && pip --no-cache-dir install bump2version==1.0.1 54 | 55 | ENTRYPOINT ["/usr/local/bin/bumpversion"] 56 | -------------------------------------------------------------------------------- /docs/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Rework in progress. -------------------------------------------------------------------------------- /docs/images/diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/module-logging/f756156ddf86c624fada8400d931ee498ea85380/docs/images/diagram.png -------------------------------------------------------------------------------- /docs/releases/unreleased.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release vTBD 2 | 3 | Welcome to the latest release of the `logging` module of [`SIGHUP Distribution`](https://github.com/sighupio/distribution) maintained by team SIGHUP by ReeVo. 4 | 5 | 6 | ## Component Images 🚢 7 | 8 | | Component | Supported Version | Previous Version | 9 | | ----------------------- | -------------------------------------------------------------------------------------------------- | ------------------------------ | 10 | | `opensearch` | [`v2.19.1`](https://github.com/opensearch-project/OpenSearch/releases/tag/2.19.1) | `No Update` | 11 | | `opensearch-dashboards` | [`v2.19.1`](https://github.com/opensearch-project/OpenSearch-Dashboards/releases/tag/2.19.1) | `No Update` | 12 | | `logging-operator` | [`v5.2.0`](https://github.com/kube-logging/logging-operator/releases/tag/5.2.0) | `No Update` | 13 | | `loki-distributed` | [`v3.4.2`](https://github.com/grafana/loki/releases/tag/v3.4.2) | `No Update` | 14 | | `minio-ha` | [`RELEASE.2025-02-28T09-55-16Z`](https://github.com/minio/minio/tree/RELEASE.2025-02-28T09-55-16Z) | `No Update` | 15 | 16 | ## Bug Fixes and Changes 🐛 17 | 18 | - [[#189](https://github.com/sighupio/module-logging/pull/189)]: Fixed a bug with `minio-ha`, where the image for the `mc` utility was missing the tag and using latest in consequence. This could lead to issues when upstream releases breaking changes. 19 | 20 | ## Breaking Changes 💔 21 | 22 | None. 23 | 24 | ## Update Guide 🦮 25 | 26 | ### Upgrade using the distribution 27 | 28 | To upgrade the module using the distribution please refer to the [`official documentation`](https://docs.sighup.io/docs/upgrades/upgrades) 29 | 30 | ### Manual Upgrade 31 | 32 | ℹ️ **Note:** Manually upgrading the module is deprecated. It is recommended to use it with the [`SIGHUP Distribution`](https://github.com/sighupio/distribution). 33 | 34 | To upgrade the module run: 35 | 36 | ```bash 37 | kustomize build | kubectl apply -f - --server-side 38 | ``` 39 | -------------------------------------------------------------------------------- /docs/releases/v1.10.1.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 1.10.1 2 | 3 | :x: This release contains issues, please use the version `1.10.2` instead. 4 | 5 | Welcome to the latest release of `logging` module of [`Kubernetes Fury 6 | Distribution`](https://github.com/sighupio/fury-distribution) maintained by team 7 | SIGHUP. 8 | 9 | This is a patch release fixing a bug and improving some documentation for the module. 10 | 11 | > 💡 Please refer the release notes of the minor version 12 | > [`v1.10.0`](https://github.com/sighupio/fury-kubernetes-logging/releases/tag/v1.10.0) 13 | > if you are upgrading from a version `< v1.10.0` 14 | 15 | ## Component Images 🚢 16 | 17 | | Component | Supported Version | Previous Version | 18 | |-----------------|--------------------------------------------------------------------------------------------------------|------------------| 19 | | `elasticsearch` | [`v7.16.2`](https://www.elastic.co/guide/en/elasticsearch/reference/current/release-notes-7.16.3.html) | `No update` | 20 | | `kibana` | [`v7.16.2`](https://www.elastic.co/guide/en/kibana/current/release-notes-7.16.2.html) | `No update` | 21 | | `cerebro` | [`v0.9.4`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.4) | `No update` | 22 | | `curator` | [`v5.8.4`](https://github.com/elastic/curator/releases/tag/v5.8.4) | `No update` | 23 | | `fluentd` | [`v1.14.2`](https://github.com/fluent/fluentd/releases/tag/v1.14.2) | `No update` | 24 | | `fluent-bit` | [`v1.8.10`](https://fluentbit.io/announcements/v1.8.10/) | `No update` | 25 | 26 | > Please refer the individual release notes to get a detailed info on the 27 | > releases. It is worth visiting the release notes of `elasticsearch` and `kibana` 28 | 29 | ## Documentation 📕 30 | 31 | - [#62](https://github.com/sighupio/fury-kubernetes-logging/pulls/62) Improve 32 | and restructure the documentation of the logging module 33 | 34 | ## Update Guide 🦮 35 | 36 | Since this is only a documentation update, no changes are to be made to the installment of this update. 37 | -------------------------------------------------------------------------------- /docs/releases/v1.10.2.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 1.10.2 2 | 3 | Welcome to the latest release of `logging` module of [`Kubernetes Fury 4 | Distribution`](https://github.com/sighupio/fury-distribution) maintained by team 5 | SIGHUP. 6 | 7 | This is a patch release reverts the commonLabels applied in `v1.10.0` because they break updating the module in the future. 8 | 9 | > 💡 Please refer the release notes of the minor version 10 | > [`v1.10.2`](https://github.com/sighupio/fury-kubernetes-logging/releases/tag/v1.10.2) 11 | > if you are upgrading from a version `< v1.10.2` 12 | 13 | ## Component Images 🚢 14 | 15 | | Component | Supported Version | Previous Version | 16 | |-----------------|--------------------------------------------------------------------------------------------------------|------------------| 17 | | `elasticsearch` | [`v7.16.2`](https://www.elastic.co/guide/en/elasticsearch/reference/current/release-notes-7.16.3.html) | `No update` | 18 | | `kibana` | [`v7.16.2`](https://www.elastic.co/guide/en/kibana/current/release-notes-7.16.2.html) | `No update` | 19 | | `cerebro` | [`v0.9.4`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.4) | `No update` | 20 | | `curator` | [`v5.8.4`](https://github.com/elastic/curator/releases/tag/v5.8.4) | `No update` | 21 | | `fluentd` | [`v1.14.2`](https://github.com/fluent/fluentd/releases/tag/v1.14.2) | `No update` | 22 | | `fluent-bit` | [`v1.8.10`](https://fluentbit.io/announcements/v1.8.10/) | `No update` | 23 | 24 | > Please refer the individual release notes to get a detailed info on the 25 | > releases. It is worth visiting the release notes of `elasticsearch` and `kibana` 26 | 27 | ## Update Guide 🦮 28 | 29 | ### Warnings 30 | 31 | - Since the release rollbacks some changes to immutable fields, if `deployments`, `statefulset` and `daemonsets`, are not deleted first before applying the module, it will error out. Check the Process below for more info. 32 | 33 | ### Process 34 | 35 | If you are upgrading from version `v1.9.2` to `v1.10.1`, you need to download this new version, then apply the `kustomize` project as shown below. 36 | There will be **some downtime** on the components. 37 | 38 | ```bash 39 | kubectl delete deployments cerebro -n logging 40 | kustomize build katalog/cerebro | kubectl apply -f - 41 | 42 | kubectl delete cronjob curator -n logging 43 | kustomize build katalog/curator | kubectl apply -f - 44 | # or 45 | kubectl delete cronjob curator -n logging 46 | kustomize build katalog/curator-s3 | kubectl apply -f - 47 | 48 | kubectl delete statefulset elasticsearch -n logging 49 | kustomize build katalog/elasticsearch-single | kubectl apply -f - 50 | # or 51 | kustomize delete statefulset elasticsearch -n logging 52 | kustomize build katalog/elasticsearch-triple | kubectl apply -f - 53 | 54 | kubectl delete statefulset fluentd -n logging 55 | kubectl delete daemonset fluentbit -n logging 56 | kustomize build katalog/fluentd | kubectl apply -f - 57 | kubectl delete deployment kibana -n logging 58 | kustomize build katalog/kibana | kubectl apply -f - 59 | ``` 60 | 61 | If you are upgrading from a version `< v1.9.2`, you can simply apply the `kustomize` project as shown below. 62 | 63 | ```bash 64 | kustomize build katalog/cerebro | kubectl apply -f - 65 | 66 | kustomize build katalog/curator | kubectl apply -f - 67 | # or 68 | kustomize build katalog/curator-s3 | kubectl apply -f - 69 | 70 | kustomize build katalog/elasticsearch-single | kubectl apply -f - 71 | # or 72 | kustomize build katalog/elasticsearch-triple | kubectl apply -f - 73 | 74 | kustomize build katalog/fluentd | kubectl apply -f - 75 | kustomize build katalog/kibana | kubectl apply -f - 76 | ``` -------------------------------------------------------------------------------- /docs/releases/v1.2.0.md: -------------------------------------------------------------------------------- 1 | # Release notes 2 | 3 | ## Changelog 4 | 5 | Changes between `1.1.0` and this release: `1.2.0` 6 | 7 | - Improve fluentd tolerations 8 | -------------------------------------------------------------------------------- /docs/releases/v1.2.1.md: -------------------------------------------------------------------------------- 1 | # Release notes 2 | 3 | ## Changelog 4 | 5 | Changes between `1.2.0` and this release: `1.2.1` 6 | 7 | - Refactorized E2E tests 8 | -------------------------------------------------------------------------------- /docs/releases/v1.3.0.md: -------------------------------------------------------------------------------- 1 | # Release notes 2 | 3 | This release contains a deeply update to this Fury Kubernetes Logging core module. 4 | 5 | ## Changelog 6 | 7 | Changes between `1.2.1` and this release: `1.3.0` 8 | 9 | - Packages updates: 10 | - [`cerebro`](../../katalog/cerebro) got updated from 0.8.1 to **0.8.5** 11 | - [`fluentd`](../../katalog/fluentd) got updated from 1.7.2 to **1.10.2** 12 | - [`elasticsearch`](../../katalog/elasticsearch) got updated from 6.4.1 to **6.8.6** 13 | - [`kibana`](../../katalog/kibana) got updated from 6.4.1 to **6.8.6** 14 | - [`curator`](../../katalog/curator) got updated from 5.6.0 to **5.8.1** 15 | - Improved security in [`kibana`](../../katalog/kibana) deployment. 16 | - Improved log parsing in [`fluentd`](../../katalog/fluentd). 17 | - Added nginx ingress controller index with parsed access logs entries. 18 | - Added healtchecks to: 19 | - [`cerebro`](../../katalog/cerebro) 20 | - [`kibana`](../../katalog/kibana) 21 | - [`fluentd`](../../katalog/fluentd) 22 | 23 | ## Upgrade Path 24 | 25 | This release contains a lot of changes regarding product versions but to make the upgrade just download the new 26 | released version applying it: 27 | 28 | ```bash 29 | kustomize build . 30 | kustomize build . | kubectl apply -f - 31 | ``` 32 | 33 | ### Considerations 34 | 35 | The elasticsearch update was tested successfully without doing any further action than applying the new version, but 36 | you can follow the 37 | [elasticsearch rolling upgrade documentation](https://www.elastic.co/guide/en/elasticsearch/reference/6.8/rolling-upgrades.html) 38 | to make it more secure and reliable. Especially recommendable when running 39 | [elasticsearch-triple](../../katalog/elasticsearch-triple) -------------------------------------------------------------------------------- /docs/releases/v1.3.1.md: -------------------------------------------------------------------------------- 1 | # Release notes 2 | 3 | This release includes some missing alerts from elasticsearch server. 4 | 5 | ## Changelog 6 | 7 | Changes between `1.3.0` and this release: `1.3.1` 8 | 9 | - Added alerts to elasticsearch: 10 | - **ElasticClusterRed:** This alert fires when the health of the elasticsearch cluster is RED 11 | - **ElasticClusterYellow:** This alert fires when the health of the elasticsearch cluster is YELLOW 12 | - **ElasticNumberOfRelocationShards:** This alert fires when there are relocating shards for 30 minutes 13 | - **ElasticNumberOfInitializingShards:** This alert fires when there are initializing shards for 30 minutes 14 | - **ElasticNumberOfUnassignedShards:** This alert fires when there are unassigned shards for 30 minutes 15 | - **ElasticNumberOfPendingTasks:** This alert fires when there pending task for 30 minutes 16 | 17 | ## Upgrade Path 18 | 19 | This release contains a lot of changes regarding product versions but to make the upgrade just download the new 20 | released version applying it: 21 | 22 | ```bash 23 | kustomize build . 24 | kustomize build . | kubectl apply -f - 25 | ``` 26 | -------------------------------------------------------------------------------- /docs/releases/v1.4.0.md: -------------------------------------------------------------------------------- 1 | # Release notes 2 | 3 | This release contains a refactoring on fluentd. The new architecture moves from fluentd DaemonSet to fluentbit DaemonSet 4 | with fluentd as StatefulSet. 5 | 6 | ## Changelog 7 | 8 | Changes between `1.3.0` and this release: `1.4.0` 9 | 10 | - Added fluentbit DaemonSet 11 | - Fluentd as StatefulSet with buffer PVCs 12 | - New index as elasticsearch output on fluentd: 13 | - `kubernetes-*` all logs regarding workloads 14 | - `system-*` all logs regarding systemd 15 | - `ingress-controller-*` all logging regarding nginx ingress controller 16 | - `audit-*` all logging regarding audit 17 | - Added rules on Cerebro to clean the additional indexes 18 | 19 | ## Upgrade Path 20 | 21 | To upgrade to this release, you need to delete the fluentd daemonset: 22 | 23 | ```bash 24 | kubectl delete ds fluentd -n logging 25 | ``` 26 | 27 | This index template is also automatically created/force updated: 28 | 29 | `fluentd-index-sighup-template.json`: 30 | ```json 31 | { 32 | "index_patterns" : ["system-*","kubernetes-*","ingress-controller-*","audit-*"], 33 | "settings": { 34 | "number_of_shards": 1, 35 | "number_of_replicas": 2 36 | } 37 | } 38 | ``` 39 | 40 | To change the template, create your template file with the name: fluentd-index-sighup-template.json 41 | 42 | And do a kustomize replace: 43 | 44 | ```yaml 45 | configMapGenerator: 46 | - name: fluentd-index-template 47 | namespace: logging 48 | behavior: replace 49 | files: 50 | - fluentd-index-sighup-template.json=fluentd-index-sighup-template.json 51 | ``` 52 | 53 | Then apply the new manifests. 54 | 55 | 56 | ### Notes 57 | 58 | If you want to use `elasticsearch-single`, replace the default index template with: 59 | 60 | `fluentd-index-sighup-template.json`: 61 | ```json 62 | { 63 | "index_patterns" : ["system-*","kubernetes-*","ingress-controller-*","audit-*"], 64 | "settings": { 65 | "number_of_shards": 1, 66 | "number_of_replicas": 0 67 | } 68 | } 69 | ``` 70 | 71 | And replace it via kustomize 72 | 73 | ```yaml 74 | configMapGenerator: 75 | - name: fluentd-index-template 76 | namespace: logging 77 | behavior: replace 78 | files: 79 | - fluentd-index-sighup-template.json=fluentd-index-sighup-template.json 80 | ``` 81 | -------------------------------------------------------------------------------- /docs/releases/v1.5.0.md: -------------------------------------------------------------------------------- 1 | # Release notes 2 | 3 | ## Changelog 4 | 5 | Changes between `1.4.0` and this release: `1.5.0` 6 | 7 | - Support 1.16, 1.17 and 1.18 Kubernetes Version 8 | -------------------------------------------------------------------------------- /docs/releases/v1.6.0.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module version 1.6.0 2 | 3 | SIGHUP team maintains this module updated and tested. That is the main reason why we worked on this new release. 4 | With the Kubernetes 1.19 release, it became the perfect time to start testing this module against this Kubernetes 5 | release. During the latest release, 1.5.0, the team prepared the module to be easily updatable to the next major 6 | ElasticSearch version: from 6 to 7. Other minor works have been done in this module updating Cerebro and the log 7 | collector releases. 8 | 9 | Continue reading the [Changelog](#changelog) to discover them: 10 | 11 | ## Changelog 12 | 13 | - Update cerebro. From version `0.8.5` to `0.9.2`. 14 | - Update fluentd. From version `1.10.2` to `1.11.2`. 15 | - Update fluent-bit. From version `1.4.4` to `1.5.6`. 16 | - Update elasticsearch. From version `6.8.8` to `7.9.1` 17 | - Update kibana. From version `6.8.8` to `7.9.1` 18 | 19 | 20 | ## Upgrade path 21 | 22 | To upgrade this core module from `v1.5.0` to `v1.6.0`, you need to download this new version, then apply the 23 | `kustomize` project. No further action is required. 24 | 25 | ```bash 26 | $ kustomize build katalog/cerebro | kubectl apply -f - 27 | $ kustomize build katalog/elasticsearch-single | kubectl apply -f - 28 | # or 29 | $ kustomize build katalog/elasticsearch-triple | kubectl apply -f - 30 | $ kustomize build katalog/fluentd | kubectl apply -f - 31 | $ kustomize build katalog/kibana | kubectl apply -f - 32 | ``` 33 | 34 | 35 | ### Important notes 36 | 37 | Before upgrading the `elasticsearch-{single,triple}` and the `kibana` package we recommend to ensure you read and 38 | understand the 39 | [elastic rolling-upgrade official documentation](https://www.elastic.co/guide/en/elasticsearch/reference/7.9/rolling-upgrades.html). 40 | 41 | 42 | Once read, be sure to check and follow these steps: 43 | 44 | **VERY IMPORTANT NOTE:** *Be sure to have a recent backup of the elasticsearch indexes.* 45 | 46 | Then, navigate to the Kibana dashboard, check the requirements to upgrade to the 7.X version. Do any action until you 47 | see the state ready to perform the upgrade: 48 | 49 | ![Kibana 6](../images/kibana-6.png) 50 | 51 | Once you have your elasticsearch cluster ready, apply the `kustomize` project for `elasticsearch` and `kibana`. 52 | 53 | *It can take some minutes (depending on the number of documents, indexes, and replicas)*. 54 | 55 | ```bash 56 | $ kustomize build katalog/elasticsearch-single | kubectl apply -f - 57 | # or 58 | $ kustomize build katalog/elasticsearch-triple | kubectl apply -f - 59 | $ kustomize build katalog/kibana | kubectl apply -f - 60 | ``` 61 | 62 | Finally, once the new release is ready, visit again the (new) Kibana dashboard to check requirements to upgrade 63 | to the 8.X version. 64 | 65 | ![Kibana 7](../images/kibana-7-1.png) 66 | 67 | Then, reindex all old indexes that were created with the previous 6.X version: 68 | 69 | ![Kibana 7](../images/kibana-7-2.png) 70 | 71 | That's all! 72 | 73 | ![Kibana 7](../images/kibana-7-3.png) 74 | -------------------------------------------------------------------------------- /docs/releases/v1.7.0.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module version 1.7.0 2 | 3 | SIGHUP team maintains this module updated and tested. That is the main reason why we worked on this new release. 4 | With the Kubernetes 1.20 release, it became the perfect time to start testing this module against this Kubernetes 5 | release. Minor works have been done in this module updating Cerebro and the log collector releases. 6 | 7 | Also, since we changed the logging architecture (v1.4.0), we forgot to remove toleration in the fluentd 8 | StatefulSet. This setting allows fluentd to run on master nodes. 9 | 10 | 11 | Continue reading the [Changelog](#changelog) to discover them: 12 | 13 | ## Changelog 14 | 15 | - Update [cerebro](../../katalog/cerebro). From version `0.9.2` to [`0.9.3`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.3). 16 | - Reduced Cerebro requests 17 | - Update [fluentd](../../katalog/fluentd). From version `1.11.2` to [`1.11.5`](https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#release-v1115---20201106). 18 | - Remove fluentd StatefulSet tolerations. 19 | - Update [fluent-bit](../../katalog/fluentd). From version `1.5.6` to [`1.6.9`](https://fluentbit.io/announcements/v1.6.9/). 20 | - Update [elasticsearch](../../katalog/elasticsearch-single). From version `7.9.1` to [`7.10.1`](https://www.elastic.co/guide/en/elasticsearch/reference/current/release-notes-7.10.1.html) 21 | - Update [kibana](../../katalog/kibana). From version `7.9.1` to [`7.10.1`](https://www.elastic.co/guide/en/kibana/current/release-notes-7.10.1.html) 22 | - Kubernetes support: 23 | - Deprecate Kubernetes 1.16 support. 24 | - Kubernetes 1.19 is considered stable. 25 | - Add tech-preview support to Kubernetes 1.20. 26 | - All the container images come from the SIGHUP registry to avoid rate limits. 27 | 28 | ## Upgrade path 29 | 30 | To upgrade this core module from `v1.5.0` to `v1.6.0`, you need to download this new version, then apply the 31 | `kustomize` project. No further action is required. 32 | 33 | ```bash 34 | $ kustomize build katalog/cerebro | kubectl apply -f - 35 | $ kustomize build katalog/elasticsearch-single | kubectl apply -f - 36 | # or 37 | $ kustomize build katalog/elasticsearch-triple | kubectl apply -f - 38 | $ kustomize build katalog/fluentd | kubectl apply -f - 39 | $ kustomize build katalog/kibana | kubectl apply -f - 40 | ``` 41 | 42 | ### Important notes 43 | 44 | Before upgrading the `elasticsearch-{single,triple}` and the `kibana` package we recommend ensuring you read and 45 | understand the 46 | [elastic rolling-upgrade official documentation](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/rolling-upgrades.html). 47 | -------------------------------------------------------------------------------- /docs/releases/v1.7.1.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module version 1.7.1 2 | 3 | This new release contains a couple of necessary fixes to apply to the logging module in your cluster. 4 | 5 | Continue reading the [Changelog](#changelog) to discover them: 6 | 7 | ## Changelog 8 | 9 | - Format all kustomize `yaml` files. Thanks to @nikever and @nutellinoit 10 | - Move all container images from `reg.sighup.io` -> `registry.sighup.io`. Thanks to @nikever and @nutellinoit 11 | - FIX: Nginx ingress controller access log parsing on 30X status code. Spotted and fixed by @lzecca78 12 | 13 | 14 | ## Upgrade path 15 | 16 | To upgrade this core module from `v1.7.0` to `v1.7.1`, you need to download this new version, then apply the 17 | `kustomize` project. No further action is required. 18 | 19 | ```bash 20 | $ kustomize build katalog/curator | kubectl apply -f - 21 | $ kustomize build katalog/cerebro | kubectl apply -f - 22 | $ kustomize build katalog/elasticsearch-single | kubectl apply -f - 23 | # or 24 | $ kustomize build katalog/elasticsearch-triple | kubectl apply -f - 25 | $ kustomize build katalog/fluentd | kubectl apply -f - 26 | $ kustomize build katalog/kibana | kubectl apply -f - 27 | ``` 28 | -------------------------------------------------------------------------------- /docs/releases/v1.8.0.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module version 1.8.0 2 | 3 | :x: This release contains issues, please use the version `1.9.1` instead. 4 | 5 | SIGHUP team maintains this module updated and tested. That is the main reason why we worked on this new release. 6 | With the Kubernetes 1.21 release, it became the perfect time to start testing this module against this Kubernetes 7 | release. 8 | 9 | Continue reading the [Changelog](#changelog) to discover them: 10 | 11 | ## Changelog 12 | 13 | - Update [cerebro](../../katalog/cerebro). From version `0.9.3` to [`0.9.4`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.3). 14 | - Update [fluentd](../../katalog/fluentd). From version `1.11.5` to [`1.12.3`](https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#release-v1115---20201106). 15 | - Update [fluent-bit](../../katalog/fluentd). From version `1.6.9` to [`1.7.7`](https://fluentbit.io/announcements/v1.7.7/). 16 | - Added dedot functionallity for labels and annotations. #30. Thanks to @nutellinoit 17 | - Update [elasticsearch](../../katalog/elasticsearch-single). From version `7.10.1` to [`7.13.0`](https://www.elastic.co/guide/en/elasticsearch/reference/current/release-notes-7.13.0.html) 18 | - Update [kibana](../../katalog/kibana). From version `7.10.1` to [`7.13.0`](https://www.elastic.co/guide/en/kibana/current/release-notes-7.13.0.html) 19 | - Improve how index pattern are created. #31. Thanks to @lzecca78 20 | - Kubernetes support: 21 | - Deprecate Kubernetes 1.17 support. 22 | - Kubernetes 1.20 is considered stable. 23 | - Add tech-preview support to Kubernetes 1.21. 24 | - Adds [curator-s3](../../katalog/curator-s3). Thanks to @lzecca78 25 | 26 | ## Upgrade path 27 | 28 | To upgrade this core module from `v1.7.0` to `v1.8.0`, you need to download this new version, then apply the 29 | `kustomize` project. No further action is required. 30 | 31 | ```bash 32 | $ kustomize build katalog/cerebro | kubectl apply -f - 33 | $ kustomize build katalog/curator | kubectl apply -f - 34 | # or 35 | $ kustomize build katalog/curator-s3 | kubectl apply -f - 36 | $ kustomize build katalog/elasticsearch-single | kubectl apply -f - 37 | # or 38 | $ kustomize build katalog/elasticsearch-triple | kubectl apply -f - 39 | $ kustomize build katalog/fluentd | kubectl apply -f - 40 | $ kustomize build katalog/kibana | kubectl apply -f - 41 | ``` 42 | 43 | ### Important notes 44 | 45 | Before upgrading the `elasticsearch-{single,triple}` and the `kibana` package we recommend ensuring you read and 46 | understand the 47 | [elastic rolling-upgrade official documentation](https://www.elastic.co/guide/en/elasticsearch/reference/7.13/rolling-upgrades.html). 48 | -------------------------------------------------------------------------------- /docs/releases/v1.9.0.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module version 1.9.0 2 | 3 | `fury-kubernetes-logging` is part of the SIGHUP maintained [SIGHUP Distribution](https://github.com/sighupio/fury-distribution). The module ships a logging stack to be deployed on the Kubernetes cluster based on ElasticSearch. Team SIGHUP makes it a priority to maintain these modules in compliance with CNCF and with all the latest features from upstream. 4 | 5 | This release introduces the support for Kubernetes runtime `1.22` and drops support for `1.18`. Refer the [Compatibility Matrix](https://github.com/sighupio/fury-kubernetes-logging#compatibility) for more. 6 | 7 | ## Changelog 8 | 9 | ### Breaking Changes 10 | > None 11 | ### Features 12 | - [#39](https://github.com/sighupio/fury-kubernetes-logging/pull/39) Supporting e2e test for 1.22.0 kubernetes 13 | - [#24](https://github.com/sighupio/fury-kubernetes-logging/pull/24) Changed Kibana rolling strategy to Recreate and removing kibana cpu limits. Thanks to @nutellinoit. 14 | - [#36](https://github.com/sighupio/fury-kubernetes-logging/pull/36) Upgrading Kibana from v7.13.0 to [v7.13.3](https://github.com/elastic/kibana/releases/tag/v7.13.3) 15 | - [#35](https://github.com/sighupio/fury-kubernetes-logging/pull/35) Upgrading Fluentd from v1.12.3 to [v1.14.0](https://github.com/fluent/fluentd/releases/tag/v1.14.0) 16 | - [#36](https://github.com/sighupio/fury-kubernetes-logging/pull/36) Upgrading Fluentd from v1.7.7 to [v1.8.2](https://github.com/fluent/fluent-bit/releases/tag/v1.8.2) 17 | ### Bug Fixes 18 | - [#40](https://github.com/sighupio/fury-kubernetes-logging/pull/40) Added startupProbe that creates index-patterns, reverted readinessProbe to the previous version. Thanks to @nutellinoit. 19 | ### Security Fixes 20 | > None 21 | #### Documentation updates 22 | > None 23 | 24 | ### Upgrade Guide 25 | 26 | #### Warnings 27 | 28 | Upgrade from `v1.8.0` to `v1.9.0` should be fairly smooth. 29 | 30 | #### Process 31 | 32 | To upgrade this core module from `v1.8.0` to `v1.9.0`, you need to download this new version, then apply the `kustomize` project. No further action is required. 33 | 34 | ```bash 35 | $ kustomize build katalog/cerebro | kubectl apply -f - 36 | $ kustomize build katalog/curator | kubectl apply -f - 37 | # or 38 | $ kustomize build katalog/curator-s3 | kubectl apply -f - 39 | $ kustomize build katalog/elasticsearch-single | kubectl apply -f - 40 | # or 41 | $ kustomize build katalog/elasticsearch-triple | kubectl apply -f - 42 | $ kustomize build katalog/fluentd | kubectl apply -f - 43 | $ kustomize build katalog/kibana | kubectl apply -f - 44 | ``` 45 | -------------------------------------------------------------------------------- /docs/releases/v1.9.1.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module version 1.9.1 2 | 3 | `fury-kubernetes-logging` is part of the SIGHUP maintained [SIGHUP Distribution](https://github.com/sighupio/fury-distribution). The module ships a logging stack to be deployed on the Kubernetes cluster based on ElasticSearch. Team SIGHUP makes it a priority to maintain these modules in compliance with CNCF and with all the latest features from upstream. 4 | 5 | This is a patch release fixing a deprecated apiVersion usage in logging 6 | module. 7 | 8 | ## Changelog 9 | 10 | ### Breaking Changes 11 | > None 12 | ### Features 13 | ### Bug Fixes 14 | - [#48](https://github.com/sighupio/fury-kubernetes-logging/pull/48) Fix deprecated apiVersion usage for Role and RoleBinding 15 | ### Security Fixes 16 | > None 17 | #### Documentation updates 18 | > None 19 | 20 | ### Upgrade Guide 21 | 22 | #### Warnings 23 | 24 | Upgrade from `v1.9.0` to `v1.9.1` should be fairly smooth. 25 | 26 | #### Process 27 | 28 | To upgrade this core module from `v1.9.0` to `v1.9.1`, you need to download this new version, then apply the `kustomize` project. No further action is required. 29 | 30 | ```bash 31 | $ kustomize build katalog/curator-s3 | kubectl apply -f - 32 | curator-s3 configured 33 | ``` 34 | -------------------------------------------------------------------------------- /docs/releases/v1.9.2.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module version 1.9.2 2 | 3 | :x: This release contains issues do not use. 4 | 5 | `fury-kubernetes-logging` is part of the SIGHUP maintained [SIGHUP Distribution](https://github.com/sighupio/fury-distribution). The module ships a logging stack to be deployed on the Kubernetes cluster based on ElasticSearch. Team SIGHUP makes it a priority to maintain these modules in compliance with CNCF and with all the latest features from upstream. 6 | 7 | This is a patch release that adds a Makefile to the logging module, along with a `Contributing.md` which describes dev workflow for the module management. This release also updates the bumpversion configuration file. 8 | 9 | ## Changelog 10 | 11 | ### Breaking Changes 12 | > None 13 | ### Features 14 | > None 15 | ### Bug Fixes 16 | > None 17 | ### Security Fixes 18 | > None 19 | #### Documentation updates 20 | - [#46](https://github.com/sighupio/fury-kubernetes-logging/pull/46) Add a canonical JSON builder for the logging module 21 | - [#47](https://github.com/sighupio/fury-kubernetes-logging/pull/47) Add SD labels to all module components 22 | - [#49](https://github.com/sighupio/fury-kubernetes-logging/pull/49) Add Makefile to the logging module 23 | 24 | ### Upgrade Guide 25 | 26 | #### Warnings 27 | 28 | This release adds no functionality changes for the kubernetes module. So no upgrade is necessary. 29 | -------------------------------------------------------------------------------- /docs/releases/v2.0.1.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 2.0.1 2 | 3 | Welcome to the latest release of `logging` module of [`Kubernetes Fury 4 | Distribution`](https://github.com/sighupio/fury-distribution) maintained by team 5 | SIGHUP. 6 | 7 | This is a patch version with the goal of fixing some bugs. 8 | 9 | ## Component Images 🚢 10 | 11 | | Component | Supported Version | Previous Version | 12 | |--------------------|--------------------------------------------------------------------------------------------------------|------------------| 13 | | `elasticsearch` | [`v7.16.2`](https://www.elastic.co/guide/en/elasticsearch/reference/current/release-notes-7.16.3.html) | `No update` | 14 | | `kibana` | [`v7.16.2`](https://www.elastic.co/guide/en/kibana/current/release-notes-7.16.2.html) | `No update` | 15 | | `cerebro` | [`v0.9.4`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.4) | `No update` | 16 | | `curator` | [`v5.8.4`](https://github.com/elastic/curator/releases/tag/v5.8.4) | `No update` | 17 | | `logging-operator` | [`v3.17.2`](https://github.com/banzaicloud/logging-operator/releases/tag/3.17.2) | `No update` | 18 | 19 | ## Bug Fixes 🐛 20 | 21 | - [#73](https://github.com/sighupio/fury-kubernetes-logging/issues/73) Update fluent-bit image in the Logging stack to 22 | `v1.8.15` to fix a bug when logrotation occurs. 23 | - [#74](https://github.com/sighupio/fury-kubernetes-logging/issues/74) Fix compatibility to gather dual-nginx deployment 24 | logs. 25 | 26 | 27 | 28 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /docs/releases/v2.0.2.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 2.0.2 2 | 3 | Welcome to the latest release of `logging` module of [`Kubernetes Fury 4 | Distribution`](https://github.com/sighupio/fury-distribution) maintained by team 5 | SIGHUP. 6 | 7 | This is a patch release fixing fluent-bit stale token problem. Up until Kubernetes 1.20, Service Accounts did NOT expire. 8 | From K8s 1.21, Service Accounts are set to expire. This will cause applications using expired tokens to stop working. 9 | 10 | ## Component Images 🚢 11 | 12 | | Component | Supported Version | Previous Version | 13 | |--------------------|--------------------------------------------------------------------------------------------------------|------------------| 14 | | `elasticsearch` | [`v7.16.2`](https://www.elastic.co/guide/en/elasticsearch/reference/current/release-notes-7.16.3.html) | `No update` | 15 | | `kibana` | [`v7.16.2`](https://www.elastic.co/guide/en/kibana/current/release-notes-7.16.2.html) | `No update` | 16 | | `cerebro` | [`v0.9.4`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.4) | `No update` | 17 | | `curator` | [`v5.8.4`](https://github.com/elastic/curator/releases/tag/v5.8.4) | `No update` | 18 | | `logging-operator` | [`v3.17.7`](https://github.com/banzaicloud/logging-operator/releases/tag/3.17.2) | `v3.17.2` | 19 | 20 | ## Bug Fixes and Changes 🐛 21 | 22 | - Update fluent-bit image in the Logging stack to `v1.9.5` to fix stale SA token issue and update logging-operator to 23 | version `v3.17.7`. 24 | - [#81](https://github.com/sighupio/fury-kubernetes-logging/pull/81) tuned Kibana values and removed unused plugins. 25 | Thanks to @nohant. 26 | - Fix audit nodeSelector, from `node.kubernetes.io/role: master` to `node-role.kubernetes.io/master: ""` 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /docs/releases/v2.0.3.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 2.0.3 2 | 3 | Welcome to the latest release of `logging` module of [`Kubernetes Fury 4 | Distribution`](https://github.com/sighupio/fury-distribution) maintained by team 5 | SIGHUP. 6 | 7 | This is a patch release fixing curator index rotation. 8 | 9 | ## Component Images 🚢 10 | 11 | | Component | Supported Version | Previous Version | 12 | |--------------------|--------------------------------------------------------------------------------------------------------|------------------| 13 | | `elasticsearch` | [`v7.16.2`](https://www.elastic.co/guide/en/elasticsearch/reference/current/release-notes-7.16.3.html) | `No update` | 14 | | `kibana` | [`v7.16.2`](https://www.elastic.co/guide/en/kibana/current/release-notes-7.16.2.html) | `No update` | 15 | | `cerebro` | [`v0.9.4`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.4) | `No update` | 16 | | `curator` | [`v5.8.4`](https://github.com/elastic/curator/releases/tag/v5.8.4) | `No update` | 17 | | `logging-operator` | [`v3.17.7`](https://github.com/banzaicloud/logging-operator/releases/tag/3.17.7) | `No update` | 18 | 19 | ## Bug Fixes and Changes 🐛 20 | 21 | - [#89](https://github.com/sighupio/fury-kubernetes-logging/pull/89) missing indexes on curator. 22 | 23 | ## Update Guide 🦮 24 | 25 | ### Process 26 | 27 | To upgrade the module run: 28 | 29 | ```bash 30 | kustomize build | kubectl apply -f - 31 | ``` 32 | 33 | -------------------------------------------------------------------------------- /docs/releases/v3.0.0.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 3.0.0 2 | 3 | Welcome to the latest release of `logging` module of the [`SIGHUP Distribution`](https://github.com/sighupio/fury-distribution) maintained by team SIGHUP by ReeVo. 4 | 5 | ⚠️ This is a major release including a **breaking change** that replaces Elasticsearch and Kibana stack with the OpenSearch alternative. 6 | Curator and its variants are also removed. 7 | 8 | ## Component Images 🚢 9 | 10 | | Component | Supported Version | Previous Version | 11 | |--------------------------|--------------------------------------------------------------------------------------------------------|------------------| 12 | | `opensearch` | [`v2.0.0`](https://github.com/opensearch-project/OpenSearch/releases/tag/2.0.0) | `New component` | 13 | | `opensearch-dashboards` | [`v2.0.0`](https://github.com/opensearch-project/OpenSearch-Dashboards/releases/tag/2.0.0) | `New component` | 14 | | `cerebro` | [`v0.9.4`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.4) | `No update` | 15 | | `logging-operator` | [`v3.17.7`](https://github.com/banzaicloud/logging-operator/releases/tag/3.17.7) | `No update` | 16 | | `loki-stack` | [`v2.4.2`](https://github.com/grafana/loki/releases/tag/v2.4.2) | `New component` | 17 | 18 | > Please refer to the individual release notes to get detailed information on each release. 19 | 20 | ## New package: Welcome OpenSearch! 📕 21 | 22 | This release completely removes the Elasticsearch and Kibana stack in favor of the OpenSearch cluster and OpenSearch Dashboards UI. 23 | 24 | ## Removals: Curator and its variants 🚮 25 | 26 | This release completely removes Curator package and its variants. The index expiration is now managed via ISM policies on the OpenSearch cluster. 27 | 28 | ## Technical preview: Loki 🔬 29 | 30 | We are also adding Loki storage as an alternative to OpenSearch. This is a preview release and is not considered production ready. 31 | 32 | ## Update Guide 🦮 33 | 34 | The update procedure is pretty straightforward, you just need to install the new stack. 35 | The suggested approach is to maintain the old Elasticsearch and Kibana stack up&running while the new OpenSearch stack starts to receive logs. 36 | 37 | Also, all the configurations for the logging operator are updated to send logs to the new OpenSearch cluster. 38 | 39 | Apply the new stack: 40 | 41 | ```bash 42 | kustomize build vendor/katalog/logging-operator | kubectl apply -f - 43 | kustomize build vendor/katalog/logging-operated | kubectl apply -f - 44 | kustomize build vendor/katalog/configs | kubectl apply -f - 45 | # You can choose the single or triple opensearch deployment 46 | kustomize build vendor/katalog/opensearch-single | kubectl apply -f - 47 | kustomize build vendor/katalog/opensearch-dashboards | kubectl apply -f - 48 | ``` 49 | 50 | > **NOTE**: *Run `kubectl apply` multiple times until you see no errors in the console* 51 | 52 | When everything is ok on the OpenSearch side, you can proceed with the removal of the old stack: 53 | 54 | ```bash 55 | kubectl delete statefulset elasticsearch -n logging 56 | kubectl delete service elasticsearch -n logging 57 | kubectl delete prometheusrule es-rules -n logging 58 | kubectl delete servicemonitor elasticsearch -n logging 59 | kubectl delete deployment kibana -n logging 60 | kubectl delete service kibana -n logging 61 | kubectl delete cronjob curator -n logging 62 | ``` 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | -------------------------------------------------------------------------------- /docs/releases/v3.0.1.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 3.0.1 2 | 3 | Welcome to the latest release of `logging` module of [`SIGHUP Distribution`](https://github.com/sighupio/fury-distribution) 4 | maintained by team SIGHUP by ReeVo. 5 | 6 | This is a patch release that adds fixes. 7 | 8 | ## Component Images 🚢 9 | 10 | | Component | Supported Version | Previous Version | 11 | |--------------------------|--------------------------------------------------------------------------------------------------------|------------------| 12 | | `opensearch` | [`v2.0.0`](https://github.com/opensearch-project/OpenSearch/releases/tag/2.0.0) | `No update` | 13 | | `opensearch-dashboards` | [`v2.0.0`](https://github.com/opensearch-project/OpenSearch-Dashboards/releases/tag/2.0.0) | `No update` | 14 | | `cerebro` | [`v0.9.4`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.4) | `No update` | 15 | | `logging-operator` | [`v3.17.7`](https://github.com/banzaicloud/logging-operator/releases/tag/3.17.7) | `No update` | 16 | | `loki-stack` | [`v2.4.2`](https://github.com/grafana/loki/releases/tag/v2.4.2) | `No update` | 17 | 18 | ## Bug Fixes and Changes 🐛 19 | 20 | - [#96](https://github.com/sighupio/fury-kubernetes-logging/pull/96) fixing alerts descriptions. 21 | - [#98](https://github.com/sighupio/fury-kubernetes-logging/pull/98) fixing node selection on `audit` and `etcd` HostTailers. 22 | 23 | ## Update Guide 🦮 24 | 25 | ### Process 26 | 27 | To upgrade the module run: 28 | 29 | ```bash 30 | kustomize build | kubectl apply -f - 31 | ``` 32 | 33 | -------------------------------------------------------------------------------- /docs/releases/v3.0.2.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 3.0.2 2 | 3 | Welcome to the latest release of `logging` module of [`SIGHUP Distribution`](https://github.com/sighupio/fury-distribution) maintained by team SIGHUP by ReeVo. 4 | 5 | This is a patch release that adds some enhancements and fixes. 6 | 7 | ## Component Images 🚢 8 | 9 | | Component | Supported Version | Previous Version | 10 | |--------------------------|--------------------------------------------------------------------------------------------------------|------------------| 11 | | `opensearch` | [`v2.0.0`](https://github.com/opensearch-project/OpenSearch/releases/tag/2.0.0) | `No update` | 12 | | `opensearch-dashboards` | [`v2.0.0`](https://github.com/opensearch-project/OpenSearch-Dashboards/releases/tag/2.0.0) | `No update` | 13 | | `cerebro` | [`v0.9.4`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.4) | `No update` | 14 | | `logging-operator` | [`v3.17.7`](https://github.com/banzaicloud/logging-operator/releases/tag/3.17.7) | `No update` | 15 | | `loki-stack` | [`v2.4.2`](https://github.com/grafana/loki/releases/tag/v2.4.2) | `No update` | 16 | 17 | ## Bug Fixes and Changes 🐛 18 | 19 | - Changed the Fluentd log level to debug and enabled `log_os_400_reason: true` on all OpenSearch outputs so that rejected logs from OpenSearch are labeled @ERROR and captured on Minio. 20 | - Added a retention of 7 days for saved objects on Minio. 21 | - Removed the emission of `@ERROR` logs that cannot be parsed in JSON from ClusterFlow Kubernetes. 22 | 23 | ## Update Guide 🦮 24 | 25 | ### Process 26 | 27 | To upgrade the module run: 28 | 29 | ```bash 30 | kustomize build | kubectl apply -f - 31 | ``` 32 | 33 | -------------------------------------------------------------------------------- /docs/releases/v3.0.3.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 3.0.2 2 | 3 | Welcome to the latest release of `logging` module of [`SIGHUP Distribution`](https://github.com/sighupio/fury-distribution) maintained by team SIGHUP by ReeVo. 4 | 5 | This is a patch release that adds some enhancements and fixes. 6 | 7 | ## Component Images 🚢 8 | 9 | | Component | Supported Version | Previous Version | 10 | |--------------------------|--------------------------------------------------------------------------------------------------------|------------------| 11 | | `opensearch` | [`v2.0.0`](https://github.com/opensearch-project/OpenSearch/releases/tag/2.0.0) | `No update` | 12 | | `opensearch-dashboards` | [`v2.0.0`](https://github.com/opensearch-project/OpenSearch-Dashboards/releases/tag/2.0.0) | `No update` | 13 | | `cerebro` | [`v0.9.4`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.4) | `No update` | 14 | | `logging-operator` | [`v3.17.7`](https://github.com/banzaicloud/logging-operator/releases/tag/3.17.7) | `No update` | 15 | | `loki-stack` | [`v2.4.2`](https://github.com/grafana/loki/releases/tag/v2.4.2) | `No update` | 16 | 17 | ## Bug Fixes and Changes 🐛 18 | 19 | - Updated initContainer on OpenSearch, to change `vm.max_map_count` and `fs.file-max` only if the value is lower than expected. 20 | 21 | ## Update Guide 🦮 22 | 23 | ### Process 24 | 25 | To upgrade the module run: 26 | 27 | ```bash 28 | kustomize build | kubectl apply -f - 29 | ``` 30 | 31 | -------------------------------------------------------------------------------- /docs/releases/v3.1.0.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 3.1.0 2 | 3 | Welcome to the latest release of the `logging` module of [`SIGHUP Distribution`](https://github.com/sighupio/fury-distribution) maintained by team SIGHUP by ReeVo. 4 | 5 | This update includes new versions of various components, such as OpenSearch and OpenSearch Dashboards, as well as bug fixes and changes, such as support for Kubernetes 1.25 and the introduction of two new packages, Loki distributed and minio-ha. 6 | Additionally, a new Infra flow has been added to retrieve all infrastructural (SD) logs. 7 | 8 | ## Component Images 🚢 9 | 10 | | Component | Supported Version | Previous Version | 11 | |--------------------------|--------------------------------------------------------------------------------------------------------|------------------| 12 | | `opensearch` | [`v2.5.0`](https://github.com/opensearch-project/OpenSearch/releases/tag/2.5.0) | `2.0.0` | 13 | | `opensearch-dashboards` | [`v2.5.0`](https://github.com/opensearch-project/OpenSearch-Dashboards/releases/tag/2.5.0) | `2.0.0` | 14 | | `cerebro` | [`v0.9.4`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.4) | `No update` | 15 | | `logging-operator` | [`v3.17.10`](https://github.com/banzaicloud/logging-operator/releases/tag/3.17.10) | `3.17.7` | 16 | | `loki-distributed` | [`v2.7.3`](https://github.com/grafana/loki/releases/tag/v2.7.3) | `New package` | 17 | | `minio-ha` | [`vRELEASE.2023-01-12T02-06-16Z`](https://github.com/minio/minio/tree/RELEASE.2023-01-12T02-06-16Z) | `New package` | 18 | 19 | ## Bug Fixes and Changes 🐛 20 | 21 | - Added support for Kubernetes 1.25. 22 | - Introduced Loki distributed package ready for production use. 23 | - Introduced minio-ha package to store errors from Fluentd, and as an S3 backend for Loki. 24 | - The Kubernetes ClusterFlow now exclude by default all the infrastructural (SD) log, a new Infra ClusterFlow has been added to collect all the infrastructural (SD) logs. 25 | - Removed the two non-clustered MinIO pods from logging-operated package, minio-ha package is now a requirement. 26 | 27 | ## Update Guide 🦮 28 | 29 | ### Process 30 | 31 | To upgrade the module run: 32 | 33 | ```bash 34 | kustomize build | kubectl apply -f - 35 | ``` 36 | 37 | > Note: Now, `logging-operated` and `loki-distributed` requires the installation of the `minio-ha` package. After the installation, you can safely remove the `minio` StatefulSet with `kubectl delete sts minio -n logging`. 38 | 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /docs/releases/v3.1.1.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 3.1.1 2 | 3 | Welcome to the latest release of `logging` module of [`SIGHUP Distribution`](https://github.com/sighupio/fury-distribution) maintained by team SIGHUP by ReeVo. 4 | 5 | This is a patch release that includes bug fixes, see [here for more](#bug-fixes-and-changes-). 6 | 7 | ## Component Images 🚢 8 | 9 | | Component | Supported Version | Previous Version | 10 | | ----------------------- | --------------------------------------------------------------------------------------------------- | ---------------- | 11 | | `opensearch` | [`v2.5.0`](https://github.com/opensearch-project/OpenSearch/releases/tag/2.5.0) | `No update` | 12 | | `opensearch-dashboards` | [`v2.5.0`](https://github.com/opensearch-project/OpenSearch-Dashboards/releases/tag/2.5.0) | `No update` | 13 | | `cerebro` | [`v0.9.4`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.4) | `No update` | 14 | | `logging-operator` | [`v3.17.10`](https://github.com/banzaicloud/logging-operator/releases/tag/3.17.10) | `No update` | 15 | | `loki-distributed` | [`v2.7.3`](https://github.com/grafana/loki/releases/tag/v2.7.3) | `No update` | 16 | | `minio-ha` | [`vRELEASE.2023-01-12T02-06-16Z`](https://github.com/minio/minio/tree/RELEASE.2023-01-12T02-06-16Z) | `No update` | 17 | 18 | ## Bug Fixes and Changes 🐛 19 | 20 | - Missing index pattern `infra-*` on OpenSearch Dashboards 21 | - `gatekeeper-system` namespace was not excluded from kubernetes flow and included in infra flow 22 | - Bump `fluent-bit` version to 1.9.5 in all `HostTailers`. 23 | - Add `containerd` to systemd tailers. 24 | 25 | ## Update Guide 🦮 26 | 27 | ### Process 28 | 29 | To upgrade the module run: 30 | 31 | ```bash 32 | kustomize build | kubectl apply -f - 33 | ``` 34 | -------------------------------------------------------------------------------- /docs/releases/v3.1.2.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 3.1.2 2 | 3 | Welcome to the latest release of `logging` module of [`SIGHUP Distribution`](https://github.com/sighupio/fury-distribution) maintained by team SIGHUP by ReeVo. 4 | 5 | This is a patch release fixing a bug with the included Grafana dashboard, see [here for more](#bug-fixes-and-changes-). 6 | 7 | ## Component Images 🚢 8 | 9 | | Component | Supported Version | Previous Version | 10 | | ----------------------- | --------------------------------------------------------------------------------------------------- | ---------------- | 11 | | `opensearch` | [`v2.5.0`](https://github.com/opensearch-project/OpenSearch/releases/tag/2.5.0) | `No update` | 12 | | `opensearch-dashboards` | [`v2.5.0`](https://github.com/opensearch-project/OpenSearch-Dashboards/releases/tag/2.5.0) | `No update` | 13 | | `cerebro` | [`v0.9.4`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.4) | `No update` | 14 | | `logging-operator` | [`v3.17.10`](https://github.com/banzaicloud/logging-operator/releases/tag/3.17.10) | `No update` | 15 | | `loki-distributed` | [`v2.7.3`](https://github.com/grafana/loki/releases/tag/v2.7.3) | `No update` | 16 | | `minio-ha` | [`vRELEASE.2023-01-12T02-06-16Z`](https://github.com/minio/minio/tree/RELEASE.2023-01-12T02-06-16Z) | `No update` | 17 | 18 | ## Bug Fixes and Changes 🐛 19 | 20 | - Updated the included Grafana dashboard in the Logging Operated package, the old version was using metrics that are not available anymore, breaking some widgets. 21 | 22 | ## Update Guide 🦮 23 | 24 | ### Process 25 | 26 | To upgrade the module run: 27 | 28 | ```bash 29 | kustomize build | kubectl apply -f - 30 | ``` 31 | -------------------------------------------------------------------------------- /docs/releases/v3.1.3.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 3.1.3 2 | 3 | Welcome to the latest release of `logging` module of [`SIGHUP Distribution`](https://github.com/sighupio/fury-distribution) maintained by team SIGHUP by ReeVo. 4 | 5 | This is a patch release adding Prometheus Alerts for the included Minio-HA deployment. 6 | 7 | ## Component Images 🚢 8 | 9 | | Component | Supported Version | Previous Version | 10 | | ----------------------- | --------------------------------------------------------------------------------------------------- | ---------------- | 11 | | `opensearch` | [`v2.5.0`](https://github.com/opensearch-project/OpenSearch/releases/tag/2.5.0) | `No update` | 12 | | `opensearch-dashboards` | [`v2.5.0`](https://github.com/opensearch-project/OpenSearch-Dashboards/releases/tag/2.5.0) | `No update` | 13 | | `cerebro` | [`v0.9.4`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.4) | `No update` | 14 | | `logging-operator` | [`v3.17.10`](https://github.com/banzaicloud/logging-operator/releases/tag/3.17.10) | `No update` | 15 | | `loki-distributed` | [`v2.7.3`](https://github.com/grafana/loki/releases/tag/v2.7.3) | `No update` | 16 | | `minio-ha` | [`vRELEASE.2023-01-12T02-06-16Z`](https://github.com/minio/minio/tree/RELEASE.2023-01-12T02-06-16Z) | `No update` | 17 | 18 | ## Bug Fixes and Changes 🐛 19 | 20 | - Add Alert rules for MinioHA for offline disks, offline minio nodes, and low available disk space. 21 | 22 | ## Update Guide 🦮 23 | 24 | ### Process 25 | 26 | To upgrade the module run: 27 | 28 | ```bash 29 | kustomize build | kubectl apply -f - 30 | ``` 31 | -------------------------------------------------------------------------------- /docs/releases/v3.2.0.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 3.2.0 2 | 3 | Welcome to the latest release of the `logging` module of [`SIGHUP Distribution`](https://github.com/sighupio/fury-distribution) maintained by team SIGHUP by ReeVo. 4 | 5 | This update includes new versions of various components and adds support for Kubernetes 1.26. 6 | 7 | ## Component Images 🚢 8 | 9 | | Component | Supported Version | Previous Version | 10 | |--------------------------|-----------------------------------------------------------------------------------------------------|------------------| 11 | | `opensearch` | [`v2.7.0`](https://github.com/opensearch-project/OpenSearch/releases/tag/2.7.0) | `2.5.0` | 12 | | `opensearch-dashboards` | [`v2.7.0`](https://github.com/opensearch-project/OpenSearch-Dashboards/releases/tag/2.7.0) | `2.5.0` | 13 | | `cerebro` | [`v0.9.4`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.4) | `No update` | 14 | | `logging-operator` | [`v4.3.0`](https://github.com/kube-logging/logging-operator/releases/tag/4.1.0) | `3.17.10` | 15 | | `loki-distributed` | [`v2.8.0`](https://github.com/grafana/loki/releases/tag/v2.8.0) | `2.7.3` | 16 | | `minio-ha` | [`vRELEASE.2023-01-12T02-06-16Z`](https://github.com/minio/minio/tree/RELEASE.2023-01-12T02-06-16Z) | `No update` | 17 | 18 | ## Bug Fixes and Changes 🐛 19 | 20 | - Added support for Kubernetes 1.26. 21 | 22 | ## Update Guide 🦮 23 | 24 | ### Process 25 | 26 | To upgrade the module run: 27 | 28 | ```bash 29 | kustomize build | kubectl apply -f - 30 | ``` 31 | 32 | 33 | 34 | 35 | -------------------------------------------------------------------------------- /docs/releases/v3.2.1.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 3.2.1 2 | 3 | Welcome to the latest release of the `logging` module of [`SIGHUP Distribution`](https://github.com/sighupio/fury-distribution) maintained by team SIGHUP by ReeVo. 4 | 5 | This patch release rolls back the version of `fluentd` due to a [bug](https://github.com/opensearch-project/opensearch-ruby/issues/205) whose fix has not been released yet. 6 | 7 | ## Component Images 🚢 8 | 9 | | Component | Supported Version | Previous Version | 10 | |--------------------------|-----------------------------------------------------------------------------------------------------|------------------| 11 | | `opensearch` | [`v2.7.0`](https://github.com/opensearch-project/OpenSearch/releases/tag/2.7.0) | `No update` | 12 | | `opensearch-dashboards` | [`v2.7.0`](https://github.com/opensearch-project/OpenSearch-Dashboards/releases/tag/2.7.0) | `No update` | 13 | | `cerebro` | [`v0.9.4`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.4) | `No update` | 14 | | `logging-operator` | [`v4.3.0`](https://github.com/kube-logging/logging-operator/releases/tag/4.1.0) | `No update` | 15 | | `loki-distributed` | [`v2.8.0`](https://github.com/grafana/loki/releases/tag/v2.8.0) | `No update` | 16 | | `minio-ha` | [`vRELEASE.2023-01-12T02-06-16Z`](https://github.com/minio/minio/tree/RELEASE.2023-01-12T02-06-16Z) | `No update` | 17 | 18 | ## Bug Fixes and Changes 🐛 19 | 20 | - Rollback `fluentd` to `v1.14.6` 21 | 22 | ## Update Guide 🦮 23 | 24 | ### Process 25 | 26 | To upgrade the module run: 27 | 28 | ```bash 29 | kustomize build | kubectl apply -f - 30 | ``` 31 | 32 | 33 | 34 | 35 | -------------------------------------------------------------------------------- /docs/releases/v3.3.0.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 3.3.0 2 | 3 | Welcome to the latest release of the `logging` module of [`SIGHUP Distribution`](https://github.com/sighupio/fury-distribution) maintained by team SIGHUP by ReeVo. 4 | 5 | This update includes new versions of various components and adds support for Kubernetes 1.27. 6 | 7 | ## Component Images 🚢 8 | 9 | | Component | Supported Version | Previous Version | 10 | |--------------------------|-----------------------------------------------------------------------------------------------------|------------------| 11 | | `opensearch` | [`v2.11.0`](https://github.com/opensearch-project/OpenSearch/releases/tag/2.11.0) | `2.7.0` | 12 | | `opensearch-dashboards` | [`v2.11.0`](https://github.com/opensearch-project/OpenSearch-Dashboards/releases/tag/2.11.0) | `2.7.0` | 13 | | `cerebro` | [`v0.9.4`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.4) | `No update` | 14 | | `logging-operator` | [`v4.4.1`](https://github.com/kube-logging/logging-operator/releases/tag/4.4.1) | `4.3.0` | 15 | | `loki-distributed` | [`v2.9.2`](https://github.com/grafana/loki/releases/tag/v2.9.2) | `2.8.0` | 16 | | `minio-ha` | [`vRELEASE.2023-01-12T02-06-16Z`](https://github.com/minio/minio/tree/RELEASE.2023-01-12T02-06-16Z) | `No update` | 17 | 18 | ## Bug Fixes and Changes 🐛 19 | 20 | - Added support for Kubernetes 1.27. 21 | - `fluentd` is still pinned to version `v1.14.6` due to incompatibilities with OpenSearch 22 | 23 | ## Update Guide 🦮 24 | 25 | ### Process 26 | 27 | To upgrade the module run: 28 | 29 | ```bash 30 | kustomize build | kubectl apply -f - 31 | ``` 32 | 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /docs/releases/v3.3.1.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 3.3.1 2 | 3 | Welcome to the latest release of the `logging` module of [`SIGHUP Distribution`](https://github.com/sighupio/fury-distribution) maintained by team SIGHUP by ReeVo. 4 | 5 | This update adds `tracing` and `kyverno` namespaces to the infra flow and excludes it in the kubernetes flow. 6 | 7 | ## Component Images 🚢 8 | 9 | | Component | Supported Version | Previous Version | 10 | | ----------------------- | --------------------------------------------------------------------------------------------------- | ---------------- | 11 | | `opensearch` | [`v2.11.0`](https://github.com/opensearch-project/OpenSearch/releases/tag/2.11.0) | `No update` | 12 | | `opensearch-dashboards` | [`v2.11.0`](https://github.com/opensearch-project/OpenSearch-Dashboards/releases/tag/2.11.0) | `No update` | 13 | | `cerebro` | [`v0.9.4`](https://github.com/lmenezes/cerebro/releases/tag/v0.9.4) | `No update` | 14 | | `logging-operator` | [`v4.4.1`](https://github.com/kube-logging/logging-operator/releases/tag/4.4.1) | `No update` | 15 | | `loki-distributed` | [`v2.9.2`](https://github.com/grafana/loki/releases/tag/v2.9.2) | `No update` | 16 | | `minio-ha` | [`vRELEASE.2023-01-12T02-06-16Z`](https://github.com/minio/minio/tree/RELEASE.2023-01-12T02-06-16Z) | `No update` | 17 | 18 | ## Update Guide 🦮 19 | 20 | ### Process 21 | 22 | To upgrade the module run: 23 | 24 | ```bash 25 | kustomize build | kubectl apply -f - 26 | ``` 27 | 28 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /docs/releases/v3.4.0.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 3.4.0 2 | 3 | Welcome to the latest release of the `logging` module of [`SIGHUP Distribution`](https://github.com/sighupio/fury-distribution) maintained by team SIGHUP by ReeVo. 4 | 5 | This update includes new versions of various components, removes Cerebro, and adds support for Kubernetes 1.28 and 1.29. 6 | 7 | ## Component Images 🚢 8 | 9 | | Component | Supported Version | Previous Version | 10 | | ----------------------- | --------------------------------------------------------------------------------------------------- | ---------------- | 11 | | `cerebro` | removed | `0.9.4` | 12 | | `opensearch` | [`v2.12.0`](https://github.com/opensearch-project/OpenSearch/releases/tag/2.12.0) | `2.11.0` | 13 | | `opensearch-dashboards` | [`v2.12.0`](https://github.com/opensearch-project/OpenSearch-Dashboards/releases/tag/2.12.0) | `2.11.0` | 14 | | `logging-operator` | [`v4.5.6`](https://github.com/kube-logging/logging-operator/releases/tag/4.5.6) | `4.4.1` | 15 | | `loki-distributed` | [`v2.9.2`](https://github.com/grafana/loki/releases/tag/v2.9.2) | `No update` | 16 | | `minio-ha` | [`vRELEASE.2023-01-12T02-06-16Z`](https://github.com/minio/minio/tree/RELEASE.2023-01-12T02-06-16Z) | `No update` | 17 | 18 | ## Bug Fixes and Changes 🐛 19 | 20 | - Added support for Kubernetes versions 1.28 and 1.29. 21 | - Removed Cerebro 22 | - Add positiondb hostPath `/var/log/infra-fluentbit-pos` to persist fluentbit log forward history 23 | 24 | ## Update Guide 🦮 25 | 26 | ### Process 27 | 28 | To upgrade the module, follow the next steps: 29 | 30 | 1. If you had Cerebro installed, you may want to remove it from the cluster using the copy in your `vendor` folder: 31 | 32 | ```bash 33 | kustomize build vendor/katalog/logging/cerebro | kubectl delete -f - 34 | ``` 35 | 36 | 2. Download the new version of the module 37 | 3. Update the rest of the packages: 38 | 39 | ```bash 40 | kustomize build | kubectl apply -f - 41 | ``` 42 | 43 | #### Remove Cerebro after upgrading 44 | 45 | If you don't have a local copy of Cerebro on your vendor folder, run the following commands to remove it: 46 | 47 | ```bash 48 | kubectl delete deployment -n logging cerebro 49 | kubectl delete service -n logging cerebro 50 | ``` 51 | 52 | Identify the name for Cerebro's configmap and delete it: 53 | 54 | ```bash 55 | # get all the configmaps that the name starts with cerebro-config 56 | kubectl get configmap -n logging -ojson | jq -r '.items[] | select(.metadata.name | startswith("cerebro-config")) | .metadata.name' 57 | # validate that the output it valid, then remove all of them 58 | kubectl get configmap -n logging -ojson | jq -r '.items[] | select(.metadata.name | startswith("cerebro-config")) | .metadata.name' | xargs kubectl delete configmap -n logging 59 | ``` 60 | -------------------------------------------------------------------------------- /docs/releases/v3.4.1.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 3.4.1 2 | 3 | Welcome to the latest release of the `logging` module of [`SIGHUP Distribution`](https://github.com/sighupio/fury-distribution) maintained by team SIGHUP by ReeVo. 4 | 5 | This update is a minor patch with a little fix on ingress fluentd outputs 6 | 7 | ## Component Images 🚢 8 | 9 | | Component | Supported Version | Previous Version | 10 | | ----------------------- | --------------------------------------------------------------------------------------------------- | ---------------- | 11 | | `opensearch` | [`v2.12.0`](https://github.com/opensearch-project/OpenSearch/releases/tag/2.12.0) | `No update` | 12 | | `opensearch-dashboards` | [`v2.12.0`](https://github.com/opensearch-project/OpenSearch-Dashboards/releases/tag/2.12.0) | `No update` | 13 | | `logging-operator` | [`v4.5.6`](https://github.com/kube-logging/logging-operator/releases/tag/4.5.6) | `No update` | 14 | | `loki-distributed` | [`v2.9.2`](https://github.com/grafana/loki/releases/tag/v2.9.2) | `No update` | 15 | | `minio-ha` | [`vRELEASE.2023-01-12T02-06-16Z`](https://github.com/minio/minio/tree/RELEASE.2023-01-12T02-06-16Z) | `No update` | 16 | 17 | ## Bug Fixes and Changes 🐛 18 | 19 | - fix: keep k8s labels for ingress-flow @ralgozino 20 | 21 | ## Update Guide 🦮 22 | 23 | ### Process 24 | 25 | To upgrade the module run: 26 | 27 | ```bash 28 | kustomize build | kubectl apply -f - 29 | ``` 30 | -------------------------------------------------------------------------------- /docs/releases/v4.0.0.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release 4.0.0 2 | 3 | Welcome to the latest release of the `logging` module of [`SIGHUP Distribution`](https://github.com/sighupio/fury-distribution) maintained by team SIGHUP by ReeVo. 4 | 5 | This update is a major version that adds support for the Kubernetes version 1.30 and 1.31. It also introduces a **breaking change** with the new time series database for Loki [`TSDB`](https://grafana.com/docs/loki/v2.9.x/operations/storage/tsdb/) along with the new [`v13 schema`](https://grafana.com/docs/loki/v2.9.x/operations/storage/schema/). 6 | These changes will improve efficiency, speed and scalability of Loki clusters. 7 | 8 | ## Component Images 🚢 9 | 10 | | Component | Supported Version | Previous Version | 11 | | ----------------------- | --------------------------------------------------------------------------------------------------- | ---------------- | 12 | | `opensearch` | [`v2.17.1`](https://github.com/opensearch-project/OpenSearch/releases/tag/2.12.0) | `2.12.0` | 13 | | `opensearch-dashboards` | [`v2.17.1`](https://github.com/opensearch-project/OpenSearch-Dashboards/releases/tag/2.12.0) | `2.12.0` | 14 | | `logging-operator` | [`v4.10.0`](https://github.com/kube-logging/logging-operator/releases/tag/4.10.0) | `4.5.6` | 15 | | `loki-distributed` | [`v2.9.10`](https://github.com/grafana/loki/releases/tag/v2.9.10) | `2.9.2` | 16 | | `minio-ha` | [`RELEASE.2024-10-13T13-34-11Z`](https://github.com/minio/minio/tree/RELEASE.2023-01-12T02-06-16Z) | `RELEASE.2023-01-12T02-06-16Z` | 17 | 18 | ## Bug Fixes and Changes 🐛 19 | 20 | - Added support for Kubernetes version 1.30 and 1.31 21 | 22 | - **New schema and store for Loki**: The Loki configuration has been extended to add the new TSDB store and v13 schema. There are two new elements in the configuration (note: **this is a breaking change**): 23 | 24 | ```yaml 25 | ... 26 | schema_config: 27 | ... 28 | - from: "2024-12-01" 29 | index: 30 | period: 24h 31 | prefix: index_ 32 | object_store: s3 33 | schema: v13 34 | store: tsdb 35 | ... 36 | storage_config: 37 | ... 38 | tsdb_shipper: 39 | active_index_directory: /var/loki/index 40 | cache_location: /var/loki/cache 41 | cache_ttl: 24h 42 | resync_interval: 5s 43 | shared_store: s3 44 | ``` 45 | 46 | The two pieces of new configuration introduced are: 47 | - The new schema config with TSDB and schema v13 48 | - The `tsdb_shipper` conf that configures the storage for TSDB 49 | 50 | The `from` in `schema_config` should be a string in `ISO 8601` date format and it represents the day starting from which Loki will record logs with the new store and schema. 51 | 52 | ℹ️ **Note**: Loki will assume the start of the day on the UTC midnight of the specified day. 53 | 54 | ## Breaking Changes 💔 55 | 56 | - **Loki store and schema change:** A new store and schema has been introduced in order to improve efficiency, speed and scalability of Loki clusters. 57 | 58 | ## Update Guide 🦮 59 | 60 | ⚠ Before upgrading read about the changes in Loki schema and store 61 | 62 | ### Upgrade using the distribution 63 | 64 | To upgrade the module using the distribution please refer to the [`official documentation`](https://docs.kubernetesfury.com/docs/upgrades/upgrades) 65 | 66 | ### Manual Upgrade 67 | 68 | ℹ️ **Note:** Manually upgrading the module is deprecated. It is reccommended to use [`fury distribution`](https://github.com/sighupio/fury-distribution) 69 | 70 | To upgrade the module run: 71 | 72 | ```bash 73 | kustomize build | kubectl apply -f - 74 | ``` 75 | -------------------------------------------------------------------------------- /docs/releases/v5.0.0.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release v5.0.0 2 | 3 | Welcome to the latest release of the `logging` module of [`SIGHUP Distribution`](https://github.com/sighupio/distribution) maintained by team SIGHUP by ReeVo. 4 | 5 | This update is a major version that adds support for the Kubernetes version 1.32 and drops support for 1.28. It also updates all components of module to the latest versions, including new features, security patches and bug fixes. 6 | 7 | ## Component Images 🚢 8 | 9 | | Component | Supported Version | Previous Version | 10 | | ----------------------- | -------------------------------------------------------------------------------------------------- | ------------------------------ | 11 | | `opensearch` | [`v2.19.1`](https://github.com/opensearch-project/OpenSearch/releases/tag/2.19.1) | `2.17.1` | 12 | | `opensearch-dashboards` | [`v2.19.1`](https://github.com/opensearch-project/OpenSearch-Dashboards/releases/tag/2.19.1) | `2.17.1` | 13 | | `logging-operator` | [`v5.2.0`](https://github.com/kube-logging/logging-operator/releases/tag/5.2.0) | `4.10.0` | 14 | | `loki-distributed` | [`v3.4.2`](https://github.com/grafana/loki/releases/tag/v3.4.2) | `2.9.10` | 15 | | `minio-ha` | [`RELEASE.2025-02-28T09-55-16Z`](https://github.com/minio/minio/tree/RELEASE.2025-02-28T09-55-16Z) | `RELEASE.2024-10-13T13-34-11Z` | 16 | 17 | ## Bug Fixes and Changes 🐛 18 | 19 | - Added support for Kubernetes version 1.32 20 | - Updated MinIO to version `RELEASE.2025-02-28T09-55-16Z` 21 | - Updated Logging Operator to version `5.2.0` 22 | - Added a ServiceMonitor resource for Logging Operator 23 | - Updated Loki to version `3.4.2` 24 | - Updated OpenSearch and OpenSearch Dashboards images to `2.19.1` 25 | - Added a ServiceMonitor for OpenSearch Dashboards 26 | 27 | ## Breaking Changes 💔 28 | 29 | Starting with the v5.0.0 of the Logging Core Module Loki version has been bumped to 3.4.2. Please refer to [`loki documentation`](https://grafana.com/docs/loki/v3.4.x/setup/upgrade/) 30 | for the complete release notes. 31 | 32 | ## Update Guide 🦮 33 | 34 | ### Before upgrading Loki from 2.9.10 to 3.4.2 35 | 36 | When upgrading Loki the Ingester StatefulSet needs to be scaled to at least 2 replicas before executing the upgrade to avoid losing logs that have not been flushed to a remote storage yet. Notice that the Ingester has an HPA defined and could already be scaled. 37 | 38 | Once the StatefulSet has been scaled a patch needs to be applied to add the `-ingester.flush-on-shutdown=true` and the `-log.level=debug` flags on the Ingester. This will allow the Ingester to flush logs that still need to be pushed to the long term storage. 39 | 40 | You can achieve this by using the following shell script: 41 | 42 | ```bash 43 | 44 | ingester_replicas=$(kubectl get statefulsets.apps -n logging loki-distributed-ingester -o jsonpath={.status.currentReplicas}) 45 | 46 | if [ "${ingester_replicas}" -lt "2" ]; then 47 | kubectl scale sts -n logging loki-distributed-ingester --replicas=2 48 | kubectl wait -n logging statefulset/loki-distributed-ingester --for=jsonpath='{.status.availableReplicas}'=2 --timeout=5m 49 | fi 50 | 51 | kubectl patch statefulset loki-distributed-ingester -n logging --type='json' -p="[{\"op\":\"replace\",\"path\":\"/spec/template/spec/containers/0/args\",\"value\":[\"-config.file=/etc/loki/config/config.yaml\",\"-ingester.flush-on-shutdown=true\",\"-log.level=debug\",\"-target=ingester\"]}]" 52 | 53 | kubectl rollout status -n logging statefulset/loki-distributed-ingester 54 | 55 | ``` 56 | 57 | Once the StatefulSet is stable and the patch has been applied the upgrade can be executed. 58 | 59 | ### Upgrade using the distribution 60 | 61 | To upgrade the module using the distribution please refer to the [`official documentation`](https://docs.kubernetesfury.com/docs/upgrades/upgrades) 62 | 63 | ### Manual Upgrade 64 | 65 | ℹ️ **Note:** Manually upgrading the module is deprecated. It is recommended to use it with the [`SIGHUP Distribution`](https://github.com/sighupio/distribution). 66 | 67 | To upgrade the module run: 68 | 69 | ```bash 70 | kustomize build | kubectl apply -f - --server-side 71 | ``` 72 | -------------------------------------------------------------------------------- /docs/releases/v5.1.0.md: -------------------------------------------------------------------------------- 1 | # Logging Core Module Release v5.1.0 2 | 3 | Welcome to the latest release of the `logging` module of [`SIGHUP Distribution`](https://github.com/sighupio/distribution) maintained by team SIGHUP by ReeVo. 4 | 5 | 6 | ## Component Images 🚢 7 | 8 | | Component | Supported Version | Previous Version | 9 | | ----------------------- | -------------------------------------------------------------------------------------------------- | ------------------------------ | 10 | | `opensearch` | [`v2.19.1`](https://github.com/opensearch-project/OpenSearch/releases/tag/2.19.1) | `No Update` | 11 | | `opensearch-dashboards` | [`v2.19.1`](https://github.com/opensearch-project/OpenSearch-Dashboards/releases/tag/2.19.1) | `No Update` | 12 | | `logging-operator` | [`v5.2.0`](https://github.com/kube-logging/logging-operator/releases/tag/5.2.0) | `No Update` | 13 | | `loki-distributed` | [`v3.4.2`](https://github.com/grafana/loki/releases/tag/v3.4.2) | `No Update` | 14 | | `minio-ha` | [`RELEASE.2025-02-28T09-55-16Z`](https://github.com/minio/minio/tree/RELEASE.2025-02-28T09-55-16Z) | `No Update` | 15 | 16 | ## Bug Fixes and Changes 🐛 17 | 18 | - [[#186](https://github.com/sighupio/module-logging/pull/186)]: This PR adds the retention period to Loki stack. The default retention period for logs stored in Loki is 30 days, can be customized with a patch. 19 | 20 | ## Breaking Changes 💔 21 | 22 | None. 23 | 24 | ## Update Guide 🦮 25 | 26 | ### Upgrade using the distribution 27 | 28 | To upgrade the module using the distribution please refer to the [`official documentation`](https://docs.sighup.io/docs/upgrades/upgrades) 29 | 30 | ### Manual Upgrade 31 | 32 | ℹ️ **Note:** Manually upgrading the module is deprecated. It is recommended to use it with the [`SIGHUP Distribution`](https://github.com/sighupio/distribution). 33 | 34 | To upgrade the module run: 35 | 36 | ```bash 37 | kustomize build | kubectl apply -f - --server-side 38 | ``` 39 | -------------------------------------------------------------------------------- /examples/registry-override/README.md: -------------------------------------------------------------------------------- 1 | # Kustomization example for image override 2 | 3 | In this folder, you will find all the examples to override the images used in our `katalogs`. 4 | 5 | We host all the fury images on registry.sighup.io, but if you have your registry or mirror, you can override them and switch the source. -------------------------------------------------------------------------------- /examples/registry-override/opensearch-dashboards/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | resources: 10 | - ../../../katalog/opensearch-dashboards 11 | 12 | images: 13 | - name: registry.sighup.io/fury/opensearchproject/opensearch-dashboards 14 | newName: opensearchproject/opensearch-dashboards -------------------------------------------------------------------------------- /examples/registry-override/opensearch-single/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | resources: 10 | - ../../../katalog/opensearch-single 11 | 12 | images: 13 | - name: registry.sighup.io/fury/justwatch/elasticsearch_exporter 14 | newName: justwatch/elasticsearch_exporter 15 | - name: registry.sighup.io/fury/opensearchproject/opensearch 16 | newName: opensearchproject/opensearch 17 | - name: registry.sighup.io/fury/opensearchproject/opensearch-dashboards 18 | newName: opensearchproject/opensearch-dashboards 19 | - name: registry.sighup.io/fury/alpine 20 | newName: alpine -------------------------------------------------------------------------------- /examples/registry-override/opensearch-triple/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | resources: 10 | - ../../../katalog/opensearch-triple 11 | 12 | images: 13 | - name: registry.sighup.io/fury/justwatch/elasticsearch_exporter 14 | newName: justwatch/elasticsearch_exporter 15 | - name: registry.sighup.io/fury/opensearchproject/opensearch 16 | newName: opensearchproject/opensearch 17 | - name: registry.sighup.io/fury/alpine 18 | newName: alpine -------------------------------------------------------------------------------- /examples/tolerations/README.md: -------------------------------------------------------------------------------- 1 | # Kustomization example for tolerations 2 | 3 | In this folder, you will find all the examples to extend/override tolerations used in our `katalogs`. 4 | 5 | In all examples, we assume that the target nodes: 6 | 7 | - have label `node.kubernetes.io/role: "infra"` 8 | 9 | - have taint `node.kubernetes.io/role=infra` with effect `NoSchedule` 10 | 11 | Notes: 12 | 13 | - All the Host Tailers should be scheduled in all nodes, so they have by default the toleration `operator=Exists,effect=NoSchedule` 14 | 15 | - Fluentbit is a DaemonSet and should be scheduled in all nodes, so it has by default the toleration `operator=Exists,effect=NoSchedule` -------------------------------------------------------------------------------- /examples/tolerations/configs/kubernetes-event-tailer.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging-extensions.banzaicloud.io/v1alpha1 7 | kind: EventTailer 8 | metadata: 9 | name: kubernetes 10 | namespace: logging 11 | spec: 12 | workloadOverrides: 13 | nodeSelector: 14 | node.kubernetes.io/role: "infra" 15 | tolerations: 16 | - key: node.kubernetes.io/role 17 | value: infra 18 | operator: Equal 19 | effect: NoSchedule -------------------------------------------------------------------------------- /examples/tolerations/configs/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | resources: 10 | - ../../../katalog/logging-operator 11 | - ../../../katalog/configs 12 | 13 | patchesStrategicMerge: 14 | - kubernetes-event-tailer.yml -------------------------------------------------------------------------------- /examples/tolerations/logging-operated/fluentd.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: Logging 8 | metadata: 9 | name: infra 10 | spec: 11 | fluentd: 12 | nodeSelector: 13 | node.kubernetes.io/role: "infra" 14 | tolerations: 15 | - key: node.kubernetes.io/role 16 | value: infra 17 | operator: Equal 18 | effect: NoSchedule 19 | -------------------------------------------------------------------------------- /examples/tolerations/logging-operated/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | resources: 10 | - ../../../katalog/logging-operator 11 | - ../../../katalog/logging-operated 12 | 13 | patchesStrategicMerge: 14 | - fluentd.yml 15 | - minio.yml -------------------------------------------------------------------------------- /examples/tolerations/logging-operated/minio.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: apps/v1 7 | kind: StatefulSet 8 | metadata: 9 | name: minio 10 | spec: 11 | template: 12 | spec: 13 | nodeSelector: 14 | node.kubernetes.io/role: "infra" 15 | tolerations: 16 | - key: node.kubernetes.io/role 17 | value: infra 18 | operator: Equal 19 | effect: NoSchedule -------------------------------------------------------------------------------- /examples/tolerations/logging-operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | resources: 10 | - ../../../katalog/logging-operator 11 | 12 | patchesStrategicMerge: 13 | - logging-operator.yml -------------------------------------------------------------------------------- /examples/tolerations/logging-operator/logging-operator.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: apps/v1 7 | kind: Deployment 8 | metadata: 9 | name: logging-operator 10 | namespace: logging 11 | spec: 12 | template: 13 | spec: 14 | nodeSelector: 15 | node.kubernetes.io/role: "infra" 16 | tolerations: 17 | - key: node.kubernetes.io/role 18 | value: infra 19 | operator: Equal 20 | effect: NoSchedule 21 | -------------------------------------------------------------------------------- /katalog/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/module-logging/f756156ddf86c624fada8400d931ee498ea85380/katalog/.DS_Store -------------------------------------------------------------------------------- /katalog/configs/README.md: -------------------------------------------------------------------------------- 1 | # Logging operator configs for OpenSearch 2 | 3 | This package is a collection of logging operator Flow/ClusterFlow and Output/ClusterOutput configs to be used together with OpenSearch. 4 | 5 | ## Requirements 6 | 7 | - Kustomize >= `3.5.3` 8 | - [logging-operated](../logging-operated) 9 | - [logging-operator](../logging-operator) 10 | 11 | ## Configuration 12 | 13 | > ⚠️ This package cannot be used together with `loki-configs` package, one excludes the other. 14 | 15 | Configurations available: 16 | 17 | - [configs](configs): all the configurations. 18 | - [configs/kubernetes](configs/kubernetes): only the cluster wide pods logging configuration (infrastructural namespaced excluded). 19 | - [configs/infra](configs/infra): only the infrastructural namespaces logs 20 | - [configs/ingress-nginx](configs/ingress-nginx): only the nginx-ingress-controller logging configuration. 21 | - [configs/audit](configs/audit): all the Kubernetes audit logs related configurations (with master selector and tolerations). 22 | - [configs/events](configs/events): all the Kubernetes events related configurations (with master selector and tolerations). 23 | - [configs/systemd](configs/systemd): all the systemd related configurations. 24 | - [configs/systemd/kubelet](configs/systemd/common): kubelet, docker, ssh systemd service logs configuration. 25 | - [configs/systemd/etcd](configs/systemd/etcd): only the etcd service logs configuration (with master selector and tolerations). 26 | 27 | ## Deployment 28 | 29 | You can deploy all the configurations by running the following command in the root of the project: 30 | 31 | ```shell 32 | kustomize build | kubectl apply -f - 33 | ``` 34 | 35 | You can also deploy only a configuration subset by running some of the following commands (for example): 36 | 37 | ```shell 38 | kustomize build kubernetes | kubectl apply -f - 39 | kustomize build infra | kubectl apply -f - 40 | kustomize build ingress-nginx | kubectl apply -f - 41 | kustomize build audit | kubectl apply -f - 42 | kustomize build events | kubectl apply -f - 43 | kustomize build systemd | kubectl apply -f - 44 | kustomize build systemd/common | kubectl apply -f - 45 | kustomize build systemd/etcd | kubectl apply -f - 46 | ``` 47 | 48 | ## License 49 | 50 | For license details please see [LICENSE](../../LICENSE) 51 | -------------------------------------------------------------------------------- /katalog/configs/audit/audit-hosttailer.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging-extensions.banzaicloud.io/v1alpha1 7 | kind: HostTailer 8 | metadata: 9 | name: audit 10 | spec: 11 | fileTailers: 12 | - name: audit 13 | disabled: false 14 | path: /var/log/kubernetes/kube-apiserver-audit.log 15 | buffer_max_size: "256k" 16 | skip_long_lines: "On" 17 | containerOverrides: 18 | image: registry.sighup.io/fury/fluent/fluent-bit:3.1.8 19 | workloadMetaOverrides: {} 20 | workloadOverrides: 21 | affinity: 22 | nodeAffinity: 23 | requiredDuringSchedulingIgnoredDuringExecution: 24 | nodeSelectorTerms: 25 | - matchExpressions: 26 | - key: node-role.kubernetes.io/control-plane 27 | operator: Exists 28 | - matchExpressions: 29 | - key: node-role.kubernetes.io/master 30 | operator: Exists 31 | tolerations: 32 | - operator: Exists 33 | effect: NoSchedule 34 | -------------------------------------------------------------------------------- /katalog/configs/audit/audit-index-template.json: -------------------------------------------------------------------------------- 1 | { 2 | "index_patterns" : ["audit-*"], 3 | "settings": { 4 | "number_of_shards": 1, 5 | "auto_expand_replicas": "0-1", 6 | "codec": "best_compression" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /katalog/configs/audit/flow.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: Flow 8 | metadata: 9 | name: audit 10 | spec: 11 | filters: 12 | - dedot: 13 | de_dot_separator: "_" 14 | de_dot_nested: true 15 | match: 16 | - select: 17 | labels: 18 | app.kubernetes.io/instance: audit-host-tailer 19 | localOutputRefs: 20 | - audit 21 | -------------------------------------------------------------------------------- /katalog/configs/audit/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | resources: 10 | - audit-hosttailer.yml 11 | - output.yml 12 | - flow.yml 13 | 14 | namespace: logging 15 | 16 | generatorOptions: 17 | disableNameSuffixHash: true 18 | 19 | secretGenerator: 20 | - name: audit-index-template 21 | files: 22 | - audit-index-template=audit-index-template.json 23 | -------------------------------------------------------------------------------- /katalog/configs/audit/output.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: Output 8 | metadata: 9 | name: audit 10 | spec: 11 | opensearch: 12 | host: opensearch-cluster-master.logging.svc.cluster.local 13 | port: 9200 14 | scheme: http 15 | logstash_format: true 16 | logstash_prefix: audit 17 | request_timeout: 600s 18 | template_overwrite: true 19 | template_name: audit 20 | template_file: 21 | mountFrom: 22 | secretKeyRef: 23 | name: audit-index-template 24 | key: audit-index-template 25 | log_os_400_reason: true 26 | ssl_verify: false 27 | suppress_type_name: true 28 | buffer: 29 | timekey: "1m" 30 | timekey_wait: "10s" 31 | timekey_use_utc: true 32 | chunk_limit_size: "2m" 33 | retry_max_interval: "30" 34 | retry_forever: true 35 | overflow_action: "block" 36 | -------------------------------------------------------------------------------- /katalog/configs/events/events-index-template.json: -------------------------------------------------------------------------------- 1 | { 2 | "index_patterns" : ["events-*"], 3 | "settings": { 4 | "number_of_shards": 1, 5 | "auto_expand_replicas": "0-1", 6 | "codec": "best_compression" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /katalog/configs/events/flow.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: Flow 8 | metadata: 9 | name: events 10 | spec: 11 | filters: 12 | - dedot: 13 | de_dot_separator: "_" 14 | de_dot_nested: true 15 | match: 16 | - select: 17 | labels: 18 | app.kubernetes.io/instance: kubernetes-event-tailer 19 | localOutputRefs: 20 | - events 21 | -------------------------------------------------------------------------------- /katalog/configs/events/kubernetes-eventtailer.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging-extensions.banzaicloud.io/v1alpha1 7 | kind: EventTailer 8 | metadata: 9 | name: kubernetes 10 | spec: 11 | controlNamespace: logging 12 | containerOverrides: 13 | image: registry.sighup.io/fury/banzaicloud/eventrouter:0.4.0 14 | -------------------------------------------------------------------------------- /katalog/configs/events/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | resources: 10 | - kubernetes-eventtailer.yml 11 | - output.yml 12 | - flow.yml 13 | 14 | namespace: logging 15 | 16 | generatorOptions: 17 | disableNameSuffixHash: true 18 | 19 | secretGenerator: 20 | - name: events-index-template 21 | files: 22 | - events-index-template=events-index-template.json -------------------------------------------------------------------------------- /katalog/configs/events/output.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: Output 8 | metadata: 9 | name: events 10 | spec: 11 | opensearch: 12 | host: opensearch-cluster-master.logging.svc.cluster.local 13 | port: 9200 14 | scheme: http 15 | logstash_format: true 16 | logstash_prefix: events 17 | request_timeout: 600s 18 | template_overwrite: true 19 | template_name: events 20 | template_file: 21 | mountFrom: 22 | secretKeyRef: 23 | name: events-index-template 24 | key: events-index-template 25 | log_os_400_reason: true 26 | ssl_verify: false 27 | suppress_type_name: true 28 | buffer: 29 | timekey: "1m" 30 | timekey_wait: "10s" 31 | timekey_use_utc: true 32 | chunk_limit_size: "2m" 33 | retry_max_interval: "30" 34 | retry_forever: true 35 | overflow_action: "block" 36 | -------------------------------------------------------------------------------- /katalog/configs/infra/cluster-flow.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: ClusterFlow 8 | metadata: 9 | name: infra 10 | spec: 11 | filters: 12 | - dedot: 13 | de_dot_separator: "_" 14 | de_dot_nested: true 15 | match: 16 | - exclude: 17 | namespaces: 18 | - ingress-nginx 19 | labels: 20 | app: ingress-nginx 21 | - exclude: 22 | namespaces: 23 | - ingress-nginx 24 | labels: 25 | app: ingress 26 | type: external 27 | - exclude: 28 | namespaces: 29 | - ingress-nginx 30 | labels: 31 | app: ingress 32 | type: internal 33 | - exclude: 34 | labels: 35 | app.kubernetes.io/name: host-tailer 36 | - exclude: 37 | labels: 38 | app.kubernetes.io/name: event-tailer 39 | - select: 40 | namespaces: 41 | - kube-system 42 | - logging 43 | - monitoring 44 | - ingress-nginx 45 | - cert-manager 46 | - tigera-operator 47 | - calico-system 48 | - calico-api 49 | - vmware-system-csi 50 | - pomerium 51 | - gatekeeper-system 52 | - tracing 53 | - kyverno 54 | globalOutputRefs: 55 | - infra 56 | -------------------------------------------------------------------------------- /katalog/configs/infra/cluster-output.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: ClusterOutput 8 | metadata: 9 | name: infra 10 | spec: 11 | opensearch: 12 | host: opensearch-cluster-master.logging.svc.cluster.local 13 | port: 9200 14 | scheme: http 15 | logstash_format: true 16 | logstash_prefix: infra 17 | request_timeout: 600s 18 | template_overwrite: true 19 | template_name: infra 20 | template_file: 21 | mountFrom: 22 | secretKeyRef: 23 | name: infra-index-template 24 | key: infra-index-template 25 | log_os_400_reason: true 26 | ssl_verify: false 27 | suppress_type_name: true 28 | buffer: 29 | timekey: "1m" 30 | timekey_wait: "10s" 31 | timekey_use_utc: true 32 | chunk_limit_size: "2m" 33 | retry_max_interval: "30" 34 | retry_forever: true 35 | overflow_action: "block" 36 | flush_thread_count: 4 37 | -------------------------------------------------------------------------------- /katalog/configs/infra/infra-index-template.json: -------------------------------------------------------------------------------- 1 | { 2 | "index_patterns" : ["infra-*"], 3 | "settings": { 4 | "number_of_shards": 1, 5 | "auto_expand_replicas": "0-1", 6 | "codec": "best_compression" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /katalog/configs/infra/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | resources: 10 | - cluster-flow.yml 11 | - cluster-output.yml 12 | 13 | namespace: logging 14 | 15 | generatorOptions: 16 | disableNameSuffixHash: true 17 | 18 | secretGenerator: 19 | - name: infra-index-template 20 | files: 21 | - infra-index-template=infra-index-template.json 22 | -------------------------------------------------------------------------------- /katalog/configs/ingress-nginx/flow.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: Flow 8 | metadata: 9 | name: ingress-nginx 10 | spec: 11 | filters: 12 | - dedot: 13 | de_dot_separator: "_" 14 | de_dot_nested: true 15 | - parser: 16 | key_name: message 17 | # we need to set this to true to keep the kubernetes metadata, otherwise it gets droped 18 | reserve_data: true 19 | parse: 20 | type: multi_format 21 | patterns: 22 | # this is the nginx access log format from the ingress controller 23 | - format: regexp 24 | expression: '/^(?[^ ]*) - (?[^ ]+) \[(?[^\]]*)\] "(?\S+)(?: +(?[^\"]*) +\S*)?" (?\d+) (?\d+) "(?[^ ]*)" "(?[^\"]*)" (?\d+) (?[\d.]+) \[(?[^\]]*)\] \[(?[^\]]*)\] (?[^ ,]*(?:,\s[^ ,]*)*) (?(?:\d+|-)(?:,\s(?:\d+|-))*) (?(?:[\d.]+|-)(?:,\s(?:[\d.]+|-))*) (?(?:\d+|-)(?:,\s(?:\d+|-))*) (?[[:alnum:]]*)/' 25 | time_format: "%Y-%m-%dT%H:%M:%S.%L%z" 26 | types: 'request_length:integer,request_time:float,status:integer,body_bytes_sent:integer,upstream_response_length:string,upstream_response_time:string,upstream_status:string' 27 | # this handles nginx error log 28 | - format: regexp 29 | expression: '/^(?\d{4}\/\d{1,2}\/\d{1,2} \d{1,2}:\d{1,2}:\d{1,2}) (?\[[^\s]+\]) (?.*)$/' 30 | types: 'logtime:string,log_level:string,message:string' 31 | # catch all ingress nginx logs 32 | - format: regexp 33 | expression: '/^(?.*)$/' 34 | types: 'generic:string' 35 | # we use this filter to remove the message field, setting reserve_data to true has the side effect that it keeps the original (message) field unstransformed too. 36 | - record_transformer: 37 | remove_keys: message 38 | match: 39 | - select: 40 | labels: 41 | app: ingress-nginx 42 | - select: 43 | labels: 44 | app: ingress 45 | type: external 46 | - select: 47 | labels: 48 | app: ingress 49 | type: internal 50 | localOutputRefs: 51 | - ingress-nginx 52 | -------------------------------------------------------------------------------- /katalog/configs/ingress-nginx/ingress-controller-index-template.json: -------------------------------------------------------------------------------- 1 | { 2 | "index_patterns" : ["ingress-controller-*"], 3 | "settings": { 4 | "number_of_shards": 1, 5 | "auto_expand_replicas": "0-1", 6 | "codec": "best_compression" 7 | } 8 | } -------------------------------------------------------------------------------- /katalog/configs/ingress-nginx/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | resources: 10 | - output.yml 11 | - flow.yml 12 | 13 | namespace: ingress-nginx 14 | 15 | generatorOptions: 16 | disableNameSuffixHash: true 17 | 18 | secretGenerator: 19 | - name: ingress-controller-index-template 20 | files: 21 | - ingress-controller-index-template=ingress-controller-index-template.json 22 | 23 | -------------------------------------------------------------------------------- /katalog/configs/ingress-nginx/output.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: Output 8 | metadata: 9 | name: ingress-nginx 10 | spec: 11 | opensearch: 12 | host: opensearch-cluster-master.logging.svc.cluster.local 13 | port: 9200 14 | scheme: http 15 | logstash_format: true 16 | logstash_prefix: ingress-controller 17 | request_timeout: 600s 18 | template_overwrite: true 19 | template_name: ingress-controller 20 | template_file: 21 | mountFrom: 22 | secretKeyRef: 23 | name: ingress-controller-index-template 24 | key: ingress-controller-index-template 25 | log_os_400_reason: true 26 | ssl_verify: false 27 | suppress_type_name: true 28 | buffer: 29 | timekey: "1m" 30 | timekey_wait: "10s" 31 | timekey_use_utc: true 32 | chunk_limit_size: "2m" 33 | retry_max_interval: "30" 34 | retry_forever: true 35 | overflow_action: "block" 36 | -------------------------------------------------------------------------------- /katalog/configs/kubernetes/cluster-flow.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: ClusterFlow 8 | metadata: 9 | name: kubernetes 10 | spec: 11 | filters: 12 | - dedot: 13 | de_dot_separator: "_" 14 | de_dot_nested: true 15 | # Added parser json on key message to parse containerd json logs 16 | - parser: 17 | key_name: message 18 | parse: 19 | type: json 20 | remove_key_name_field: true 21 | reserve_data: true 22 | emit_invalid_record_to_error: false 23 | match: 24 | - exclude: 25 | namespaces: 26 | - kube-system 27 | - logging 28 | - monitoring 29 | - ingress-nginx 30 | - cert-manager 31 | - tigera-operator 32 | - calico-system 33 | - calico-api 34 | - vmware-system-csi 35 | - pomerium 36 | - gatekeeper-system 37 | - tracing 38 | - kyverno 39 | - select: {} 40 | globalOutputRefs: 41 | - kubernetes 42 | -------------------------------------------------------------------------------- /katalog/configs/kubernetes/cluster-output.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: ClusterOutput 8 | metadata: 9 | name: kubernetes 10 | spec: 11 | opensearch: 12 | host: opensearch-cluster-master.logging.svc.cluster.local 13 | port: 9200 14 | scheme: http 15 | logstash_format: true 16 | logstash_prefix: kubernetes 17 | request_timeout: 600s 18 | template_overwrite: true 19 | template_name: kubernetes 20 | template_file: 21 | mountFrom: 22 | secretKeyRef: 23 | name: kubernetes-index-template 24 | key: kubernetes-index-template 25 | log_os_400_reason: true 26 | ssl_verify: false 27 | suppress_type_name: true 28 | buffer: 29 | timekey: "1m" 30 | timekey_wait: "10s" 31 | timekey_use_utc: true 32 | chunk_limit_size: "2m" 33 | retry_max_interval: "30" 34 | retry_forever: true 35 | overflow_action: "block" 36 | flush_thread_count: 4 37 | -------------------------------------------------------------------------------- /katalog/configs/kubernetes/kubernetes-index-template.json: -------------------------------------------------------------------------------- 1 | { 2 | "index_patterns" : ["kubernetes-*"], 3 | "settings": { 4 | "number_of_shards": 1, 5 | "auto_expand_replicas": "0-1", 6 | "codec": "best_compression" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /katalog/configs/kubernetes/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | resources: 10 | - cluster-flow.yml 11 | - cluster-output.yml 12 | 13 | namespace: logging 14 | 15 | generatorOptions: 16 | disableNameSuffixHash: true 17 | 18 | secretGenerator: 19 | - name: kubernetes-index-template 20 | files: 21 | - kubernetes-index-template=kubernetes-index-template.json 22 | -------------------------------------------------------------------------------- /katalog/configs/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | resources: 10 | - audit 11 | - events 12 | - ingress-nginx 13 | - kubernetes 14 | - systemd 15 | - infra 16 | -------------------------------------------------------------------------------- /katalog/configs/systemd/common/flow.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: Flow 8 | metadata: 9 | name: systemd-common 10 | spec: 11 | filters: 12 | - dedot: 13 | de_dot_separator: "_" 14 | de_dot_nested: true 15 | match: 16 | - select: 17 | labels: 18 | app.kubernetes.io/instance: systemd-common-host-tailer 19 | localOutputRefs: 20 | - systemd-common 21 | -------------------------------------------------------------------------------- /katalog/configs/systemd/common/hosttrailer.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging-extensions.banzaicloud.io/v1alpha1 7 | kind: HostTailer 8 | metadata: 9 | name: systemd-common 10 | spec: 11 | systemdTailers: 12 | - name: systemd-docker-hosttailer 13 | disabled: false 14 | maxEntries: 100 15 | systemdFilter: docker.service 16 | containerOverrides: 17 | image: registry.sighup.io/fury/fluent/fluent-bit:3.1.8 18 | - name: systemd-containerd-hosttailer 19 | disabled: false 20 | maxEntries: 100 21 | systemdFilter: containerd.service 22 | containerOverrides: 23 | image: registry.sighup.io/fury/fluent/fluent-bit:3.1.8 24 | - name: systemd-kubelet-hosttailer 25 | disabled: false 26 | maxEntries: 100 27 | systemdFilter: kubelet.service 28 | containerOverrides: 29 | image: registry.sighup.io/fury/fluent/fluent-bit:3.1.8 30 | - name: systemd-ssh-hosttailer 31 | disabled: false 32 | maxEntries: 100 33 | systemdFilter: ssh.service 34 | containerOverrides: 35 | image: registry.sighup.io/fury/fluent/fluent-bit:3.1.8 36 | workloadMetaOverrides: {} 37 | workloadOverrides: 38 | tolerations: 39 | - operator: Exists 40 | effect: NoSchedule 41 | -------------------------------------------------------------------------------- /katalog/configs/systemd/common/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | resources: 10 | - hosttrailer.yml 11 | - output.yml 12 | - flow.yml 13 | 14 | namespace: logging 15 | 16 | generatorOptions: 17 | disableNameSuffixHash: true 18 | 19 | secretGenerator: 20 | - name: systemd-index-template 21 | files: 22 | - systemd-index-template=systemd-index-template.json 23 | -------------------------------------------------------------------------------- /katalog/configs/systemd/common/output.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: Output 8 | metadata: 9 | name: systemd-common 10 | spec: 11 | opensearch: 12 | host: opensearch-cluster-master.logging.svc.cluster.local 13 | port: 9200 14 | scheme: http 15 | logstash_format: true 16 | logstash_prefix: systemd 17 | request_timeout: 600s 18 | template_overwrite: true 19 | template_name: systemd 20 | template_file: 21 | mountFrom: 22 | secretKeyRef: 23 | name: systemd-index-template 24 | key: systemd-index-template 25 | ssl_verify: false 26 | suppress_type_name: true 27 | buffer: 28 | timekey: "1m" 29 | timekey_wait: "10s" 30 | timekey_use_utc: true 31 | chunk_limit_size: "2m" 32 | retry_max_interval: "30" 33 | retry_forever: true 34 | overflow_action: "block" 35 | -------------------------------------------------------------------------------- /katalog/configs/systemd/common/systemd-index-template.json: -------------------------------------------------------------------------------- 1 | { 2 | "index_patterns" : ["systemd-*"], 3 | "settings": { 4 | "number_of_shards": 1, 5 | "auto_expand_replicas": "0-1", 6 | "codec": "best_compression" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /katalog/configs/systemd/etcd/flow.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: Flow 8 | metadata: 9 | name: systemd-etcd 10 | spec: 11 | filters: 12 | - dedot: 13 | de_dot_separator: "_" 14 | de_dot_nested: true 15 | match: 16 | - select: 17 | labels: 18 | app.kubernetes.io/instance: systemd-docker-etcd-tailer 19 | localOutputRefs: 20 | - systemd-etcd 21 | -------------------------------------------------------------------------------- /katalog/configs/systemd/etcd/hosttrailer.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging-extensions.banzaicloud.io/v1alpha1 7 | kind: HostTailer 8 | metadata: 9 | name: systemd-etcd 10 | spec: 11 | systemdTailers: 12 | - name: systemd-etcd-hosttailer 13 | disabled: false 14 | maxEntries: 100 15 | systemdFilter: etcd.service 16 | containerOverrides: 17 | image: registry.sighup.io/fury/fluent/fluent-bit:3.1.8 18 | workloadMetaOverrides: {} 19 | workloadOverrides: 20 | affinity: 21 | nodeAffinity: 22 | requiredDuringSchedulingIgnoredDuringExecution: 23 | nodeSelectorTerms: 24 | - matchExpressions: 25 | - key: node-role.kubernetes.io/control-plane 26 | operator: Exists 27 | - matchExpressions: 28 | - key: node-role.kubernetes.io/master 29 | operator: Exists 30 | tolerations: 31 | - operator: Exists 32 | effect: NoSchedule 33 | -------------------------------------------------------------------------------- /katalog/configs/systemd/etcd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | resources: 10 | - hosttrailer.yml 11 | - output.yml 12 | - flow.yml 13 | 14 | namespace: logging 15 | -------------------------------------------------------------------------------- /katalog/configs/systemd/etcd/output.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: Output 8 | metadata: 9 | name: systemd-etcd 10 | spec: 11 | opensearch: 12 | host: opensearch-cluster-master.logging.svc.cluster.local 13 | port: 9200 14 | scheme: http 15 | logstash_format: true 16 | logstash_prefix: systemd 17 | request_timeout: 600s 18 | log_os_400_reason: true 19 | ssl_verify: false 20 | suppress_type_name: true 21 | buffer: 22 | timekey: "1m" 23 | timekey_wait: "10s" 24 | timekey_use_utc: true 25 | chunk_limit_size: "2m" 26 | retry_max_interval: "30" 27 | retry_forever: true 28 | overflow_action: "block" 29 | -------------------------------------------------------------------------------- /katalog/configs/systemd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | resources: 10 | - common 11 | - etcd 12 | 13 | namespace: logging 14 | -------------------------------------------------------------------------------- /katalog/logging-operated/MAINTENANCE.md: -------------------------------------------------------------------------------- 1 | # Logging Operated Maintenance Guide 2 | 3 | This folder contains tailor made files to deploy the Fluentd and Fluent-bit stack via Logging operator CRDs. 4 | 5 | Container Images for Fluentd and Fluent-bit compatibility with logging-operator can be found here: 6 | 7 | Replace all images used in [`fluentd-fluentbit.yaml`] with the ones you found in the above link. 8 | 9 | ## Grafana Dashboard 10 | 11 | The included Grafana dashboard has been taken from: 12 | -------------------------------------------------------------------------------- /katalog/logging-operated/README.md: -------------------------------------------------------------------------------- 1 | # Logging Operated 2 | 3 | 4 | 5 | The Logging operated package deploys the Fluentd and Fluent-bit stack via Logging operator CRDs. 6 | It also deploys a MinIO instance for storing all the logs rejected from the configured outputs. 7 | 8 | ## Requirements 9 | 10 | - Kubernetes >= `1.24.0` 11 | - Kustomize >= `v3.5.3` 12 | - [logging-operator][logging-operator] 13 | - [prometheus-operator][prometheus-operator] 14 | - [minio-ha](../minio-ha) 15 | 16 | ## Image repository and tag 17 | 18 | - Logging operator: `ghcr.io/kube-logging/logging-operator:4.10.0` 19 | 20 | ## Configuration 21 | 22 | See the file [fluentd-fluentbit.yaml](fluentd-fluentbit.yml) in the root of the project for the stack configuration. 23 | 24 | ## Deployment 25 | 26 | You can deploy Logging operated by running the following command in the root of the project: 27 | 28 | ```shell 29 | kustomize build | kubectl apply -f - --server-side 30 | ``` 31 | 32 | ## Error logs 33 | 34 | All logs with errors in being sent to their outputs are collected by two MinIO instances. 35 | These instances serve for debugging purposes and to understand why the collected logs are not being sent. 36 | These MinIO instances are configured to have a 7-day file retention. 37 | 38 | 39 | 40 | [logging-operator]: https://github.com/sighup-io/fury-kubernetes-logging/blob/master/katalog/logging-operator 41 | [prometheus-operator]: https://github.com/sighup-io/fury-kubernetes-monitoring/blob/master/katalog/prometheus-operator 42 | 43 | 44 | 45 | ## License 46 | 47 | For license details please see [LICENSE](../../LICENSE) 48 | -------------------------------------------------------------------------------- /katalog/logging-operated/dashboards/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | namespace: logging 10 | 11 | generatorOptions: 12 | labels: 13 | grafana-sighup-dashboard: default 14 | annotations: 15 | grafana-folder: "Logging" 16 | disableNameSuffixHash: true 17 | 18 | configMapGenerator: 19 | - name: grafana-dashboard-logging 20 | files: 21 | - dashboard-logging.json 22 | -------------------------------------------------------------------------------- /katalog/logging-operated/errors-cluster-output.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: ClusterOutput 8 | metadata: 9 | name: errors 10 | spec: 11 | s3: 12 | aws_key_id: 13 | valueFrom: 14 | secretKeyRef: 15 | name: minio-credentials 16 | key: MINIO_ACCESS_KEY 17 | aws_sec_key: 18 | valueFrom: 19 | secretKeyRef: 20 | name: minio-credentials 21 | key: MINIO_SECRET_KEY 22 | s3_bucket: errors 23 | s3_region: local 24 | s3_endpoint: 'http://minio-logging.logging.svc.cluster.local:9000' 25 | force_path_style: 'true' 26 | path: logs/${tag}/%Y/%m/%d/ 27 | buffer: 28 | timekey: 10m 29 | timekey_wait: 30s 30 | timekey_use_utc: true -------------------------------------------------------------------------------- /katalog/logging-operated/fluentd-fluentbit.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: Logging 8 | metadata: 9 | name: infra 10 | spec: 11 | errorOutputRef: errors 12 | enableRecreateWorkloadOnImmutableFieldChange: true 13 | fluentd: 14 | logLevel: debug 15 | image: 16 | repository: registry.sighup.io/fury/banzaicloud/fluentd 17 | tag: 5.2.0-full 18 | configReloaderImage: 19 | repository: registry.sighup.io/fury/banzaicloud/config-reloader 20 | tag: "5.2.0" 21 | affinity: 22 | podAntiAffinity: 23 | preferredDuringSchedulingIgnoredDuringExecution: 24 | - weight: 100 25 | podAffinityTerm: 26 | labelSelector: 27 | matchExpressions: 28 | - key: "app.kubernetes.io/name" 29 | operator: In 30 | values: 31 | - fluentd 32 | - key: "app.kubernetes.io/component" 33 | operator: In 34 | values: 35 | - fluentd 36 | topologyKey: "kubernetes.io/hostname" 37 | disablePvc: false 38 | scaling: 39 | replicas: 2 40 | metrics: 41 | serviceMonitor: true 42 | prometheusRules: true 43 | resources: 44 | limits: 45 | cpu: 1000m 46 | memory: 600Mi 47 | requests: 48 | cpu: 300m 49 | memory: 400Mi 50 | controlNamespace: logging 51 | --- 52 | apiVersion: logging.banzaicloud.io/v1beta1 53 | kind: FluentbitAgent 54 | metadata: 55 | name: infra 56 | spec: 57 | image: 58 | repository: registry.sighup.io/fury/fluent/fluent-bit 59 | tag: "3.2.5" 60 | enableUpstream: true 61 | inputTail: 62 | Ignore_Older: 86400s 63 | Mem_Buf_Limit: 150MB 64 | filterKubernetes: 65 | Kube_URL: "https://kubernetes.default.svc:443" 66 | Match: "kubernetes.*" 67 | Kube_CA_File: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 68 | Kube_Tag_Prefix: kubernetes.var.log.containers 69 | Kube_Token_File: /var/run/secrets/kubernetes.io/serviceaccount/token 70 | Merge_Log: "On" 71 | tolerations: 72 | - operator: Exists 73 | effect: NoSchedule 74 | metrics: 75 | serviceMonitor: true 76 | prometheusRules: true 77 | resources: 78 | limits: 79 | cpu: 200m 80 | memory: 300M 81 | requests: 82 | cpu: 100m 83 | memory: 50M 84 | positiondb: 85 | hostPath: 86 | path: /var/log/infra-fluentbit-pos -------------------------------------------------------------------------------- /katalog/logging-operated/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | resources: 10 | - errors-cluster-output.yml 11 | - dashboards 12 | - fluentd-fluentbit.yml 13 | 14 | namespace: logging 15 | 16 | generatorOptions: 17 | disableNameSuffixHash: true 18 | 19 | secretGenerator: 20 | - name: minio-credentials 21 | envs: 22 | - minio-credentials.env 23 | -------------------------------------------------------------------------------- /katalog/logging-operated/minio-credentials.env: -------------------------------------------------------------------------------- 1 | MINIO_ACCESS_KEY=minio 2 | MINIO_SECRET_KEY=minio123 3 | -------------------------------------------------------------------------------- /katalog/logging-operator/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/module-logging/f756156ddf86c624fada8400d931ee498ea85380/katalog/logging-operator/.DS_Store -------------------------------------------------------------------------------- /katalog/logging-operator/MAINTENANCE.md: -------------------------------------------------------------------------------- 1 | # Logging Operator - maintenance 2 | 3 | To maintain the Logging Operator package, you should follow these steps. 4 | 5 | 1. Take note of the latest chart version from [`logging-operator` chart](https://github.com/kube-logging/logging-operator/releases). 6 | 2. Take note also of the latest pushed version of the [`fury/banzaicloud/logging-operator`](https://registry.sighup.io/harbor/projects/37/repositories/banzaicloud%2Flogging-operator/artifacts-tab`) image in our Harbor registry 7 | - If necessary, add a newer version on our [fury-distribution-container-image-sync](https://github.com/sighupio/fury-distribution-container-image-sync/blob/main/modules/logging/images.yml#L156) git repo 8 | 9 | 3. Run the following commands: 10 | 11 | ```bash 12 | VERSION=5.2.0 # update this to the latest chart version 13 | IMAGE_TAG="5.2.0" # update this to the latest fury/banzaicloud/logging-operator image tag 14 | helm pull oci://ghcr.io/kube-logging/helm-charts/logging-operator --version $VERSION --untar --untardir /tmp # this command will download the chart in /tmp/logging-operator 15 | helm template logging-operator /tmp/logging-operator/ --values MAINTENANCE.values.yaml --api-versions "monitoring.coreos.com/v1" --set "image.tag"="$IMAGE_TAG" -n logging > logging-operator-built.yaml 16 | cp /tmp/logging-operator/crds/* ./crds 17 | cd ./crds; for file in $(ls logging*); do kustomize edit add resource $file 2>/dev/null; done; cd .. # ensure we add new CRDs (if any) to the kustomization file 18 | addlicense -c "SIGHUP s.r.l" -v -l bsd . # install with "go install github.com/google/addlicense@v1.1.1" 19 | ``` 20 | 21 | What was customized (what differs from the helm template command): 22 | 23 | - Removed openshift-related permissions from ClusterRole 24 | - Removed some labels in rbac resources 25 | 26 | Review the differences between `logging-operator-built.yaml` and `deploy.yaml`, make the customization described above and replace `deploy.yaml` with the contents of `minio-built.yaml`. 27 | 28 | Cleanup: 29 | 30 | ```bash 31 | rm logging-operator-built.yaml 32 | rm -rf /tmp/logging-operator 33 | ``` 34 | -------------------------------------------------------------------------------- /katalog/logging-operator/MAINTENANCE.values.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2025 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | 6 | # Default values for logging-operator. 7 | # This is a YAML-formatted file. 8 | # Declare variables to be passed into your templates. 9 | replicaCount: 1 10 | image: 11 | repository: registry.sighup.io/fury/banzaicloud/logging-operator 12 | tag: "" 13 | pullPolicy: IfNotPresent 14 | 15 | env: [] 16 | volumes: [] 17 | volumeMounts: [] 18 | 19 | extraArgs: 20 | - -enable-leader-election=true 21 | imagePullSecrets: [] 22 | 23 | http: 24 | port: 8080 25 | service: 26 | type: ClusterIP 27 | clusterIP: None 28 | labels: {} 29 | 30 | rbac: 31 | enabled: true 32 | retainOnDelete: false 33 | # serviceAccountName: custom 34 | 35 | monitoring: 36 | serviceMonitor: 37 | enabled: true 38 | 39 | additionalLabels: {} 40 | metricRelabelings: [] 41 | relabelings: [] 42 | 43 | ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false 44 | podSecurityContext: {} 45 | # runAsNonRoot: true 46 | # runAsUser: 1000 47 | # fsGroup: 2000 48 | 49 | securityContext: {} 50 | # allowPrivilegeEscalation: false 51 | # readOnlyRootFilesystem: true 52 | # capabilities: 53 | # drop: ["ALL"] 54 | 55 | resources: 56 | limits: 57 | cpu: 100m 58 | memory: 500Mi 59 | requests: 60 | cpu: 100m 61 | memory: 128Mi 62 | 63 | nodeSelector: {} 64 | 65 | tolerations: [] 66 | 67 | affinity: {} 68 | 69 | topologySpreadConstraints: [] 70 | 71 | strategy: {} 72 | 73 | podLabels: {} 74 | 75 | logging: 76 | enabled: false 77 | 78 | testReceiver: 79 | enabled: false 80 | 81 | extraManifests: [] 82 | -------------------------------------------------------------------------------- /katalog/logging-operator/README.md: -------------------------------------------------------------------------------- 1 | # Logging Operator 2 | 3 | 4 | 5 | Logging operator for Kubernetes based on Fluentd and Fluent-bit. 6 | 7 | The Logging operator automates the deployment and configuration of a Kubernetes logging pipeline. The operator deploys 8 | and configures a Fluent-bit DaemonSet on every node to collect container and application logs from the node file system 9 | and a Fluentd StatefulSet that receive logs from Fluent-bit and send them to various outputs. 10 | 11 | ## Requirements 12 | 13 | - Kubernetes >= `1.24.0` 14 | - Kustomize >= `v3.5.3` 15 | 16 | ## Image repository and tag 17 | 18 | - Logging operator: `ghcr.io/kube-logging/logging-operator:4.10.0` 19 | - Logging operator repo: [Logging operator on GitHub][logging-operator-github] 20 | 21 | ## Configuration 22 | 23 | In SIGHUP Distribution, Logging operator is deployed with the following default configuration: 24 | 25 | - Replica number: `1` 26 | - Resource limits are `100m` for CPU and `500Mi` for memory 27 | 28 | ## Deployment 29 | 30 | You can deploy Logging operator by running the following command in the root of the project: 31 | 32 | ```shell 33 | kustomize build | kubectl apply -f - --server-side 34 | ``` 35 | 36 | See [logging-operated](../logging-operated) for the fluentd and fluentbit stack deployment, [configs](../configs) 37 | for OpenSearch Flow/Clusterflow and Output/ClusterOutput configuration and [loki-configs](../loki-configs) for Loki Flow/Clusterflow and Output/ClusterOutput configuration. 38 | 39 | 40 | 41 | [logging-operator-github]: https://github.com/banzaicloud/logging-operator 42 | 43 | 44 | 45 | ## License 46 | 47 | For license details please see [LICENSE](../../LICENSE) 48 | -------------------------------------------------------------------------------- /katalog/logging-operator/crds/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2025 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | resources: 10 | - logging.banzaicloud.io_clusterflows.yaml 11 | - logging.banzaicloud.io_clusteroutputs.yaml 12 | - logging.banzaicloud.io_flows.yaml 13 | - logging.banzaicloud.io_fluentbitagents.yaml 14 | - logging.banzaicloud.io_fluentdconfigs.yaml 15 | - logging.banzaicloud.io_loggingroutes.yaml 16 | - logging.banzaicloud.io_loggings.yaml 17 | - logging.banzaicloud.io_nodeagents.yaml 18 | - logging.banzaicloud.io_outputs.yaml 19 | - logging.banzaicloud.io_syslogngclusterflows.yaml 20 | - logging.banzaicloud.io_syslogngclusteroutputs.yaml 21 | - logging.banzaicloud.io_syslogngconfigs.yaml 22 | - logging.banzaicloud.io_syslogngflows.yaml 23 | - logging.banzaicloud.io_syslogngoutputs.yaml 24 | - logging-extensions.banzaicloud.io_eventtailers.yaml 25 | - logging-extensions.banzaicloud.io_hosttailers.yaml 26 | -------------------------------------------------------------------------------- /katalog/logging-operator/crds/logging.banzaicloud.io_loggingroutes.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2025 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: apiextensions.k8s.io/v1 7 | kind: CustomResourceDefinition 8 | metadata: 9 | annotations: 10 | controller-gen.kubebuilder.io/version: v0.17.2 11 | name: loggingroutes.logging.banzaicloud.io 12 | spec: 13 | group: logging.banzaicloud.io 14 | names: 15 | categories: 16 | - logging-all 17 | kind: LoggingRoute 18 | listKind: LoggingRouteList 19 | plural: loggingroutes 20 | shortNames: 21 | - lr 22 | singular: loggingroute 23 | scope: Cluster 24 | versions: 25 | - additionalPrinterColumns: 26 | - description: Number of problems 27 | jsonPath: .status.problemsCount 28 | name: Problems 29 | type: integer 30 | - description: Number of notices 31 | jsonPath: .status.noticesCount 32 | name: Notices 33 | type: integer 34 | name: v1beta1 35 | schema: 36 | openAPIV3Schema: 37 | properties: 38 | apiVersion: 39 | type: string 40 | kind: 41 | type: string 42 | metadata: 43 | type: object 44 | spec: 45 | properties: 46 | source: 47 | type: string 48 | targets: 49 | properties: 50 | matchExpressions: 51 | items: 52 | properties: 53 | key: 54 | type: string 55 | operator: 56 | type: string 57 | values: 58 | items: 59 | type: string 60 | type: array 61 | x-kubernetes-list-type: atomic 62 | required: 63 | - key 64 | - operator 65 | type: object 66 | type: array 67 | x-kubernetes-list-type: atomic 68 | matchLabels: 69 | additionalProperties: 70 | type: string 71 | type: object 72 | type: object 73 | x-kubernetes-map-type: atomic 74 | required: 75 | - source 76 | - targets 77 | type: object 78 | status: 79 | properties: 80 | notices: 81 | items: 82 | type: string 83 | type: array 84 | noticesCount: 85 | type: integer 86 | problems: 87 | items: 88 | type: string 89 | type: array 90 | problemsCount: 91 | type: integer 92 | tenants: 93 | items: 94 | properties: 95 | name: 96 | type: string 97 | namespaces: 98 | items: 99 | type: string 100 | type: array 101 | required: 102 | - name 103 | type: object 104 | type: array 105 | type: object 106 | type: object 107 | served: true 108 | storage: true 109 | subresources: 110 | status: {} 111 | -------------------------------------------------------------------------------- /katalog/logging-operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | namespace: logging 10 | 11 | resources: 12 | - ns.yml 13 | - deploy.yaml 14 | - crds 15 | 16 | images: 17 | - name: ghcr.io/kube-logging/logging-operator 18 | newName: registry.sighup.io/fury/banzaicloud/logging-operator 19 | -------------------------------------------------------------------------------- /katalog/logging-operator/ns.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: v1 7 | kind: Namespace 8 | metadata: 9 | name: logging 10 | -------------------------------------------------------------------------------- /katalog/loki-configs/README.md: -------------------------------------------------------------------------------- 1 | # Logging operator configs for Loki 2 | 3 | This package is a collection of logging operator Flow/ClusterFlow and Output/ClusterOutput configs to be used together with Loki. 4 | 5 | ## Requirements 6 | 7 | - Kustomize >= `3.5.3` 8 | - [logging-operated](../logging-operated) 9 | - [logging-operator](../logging-operator) 10 | 11 | ## Configuration 12 | 13 | > ⚠️ This package cannot be used together with `configs` package, one excludes the other. 14 | 15 | Configurations available (patched from the base [configs](../configs) ) : 16 | 17 | - [configs](configs): all the configurations. 18 | - [configs/kubernetes](configs/kubernetes): only the cluster wide pods logging configuration (infrastructural namespaced excluded). 19 | - [configs/infra](configs/infra): only the infrastructural namespaces logs 20 | - [configs/ingress-nginx](configs/ingress-nginx): only the nginx-ingress-controller logging configuration. 21 | - [configs/audit](configs/audit): all the Kubernetes audit logs related configurations (with master selector and tolerations). 22 | - [configs/events](configs/events): all the Kubernetes events related configurations (with master selector and tolerations). 23 | - [configs/systemd](configs/systemd): all the systemd related configurations. 24 | - [configs/systemd/kubelet](configs/systemd/common): kubelet, docker, ssh systemd service logs configuration. 25 | - [configs/systemd/etcd](configs/systemd/etcd): only the etcd service logs configuration (with master selector and tolerations). 26 | 27 | ## Deployment 28 | 29 | You can deploy all the configurations by running the following command in the root of the project: 30 | 31 | ```shell 32 | kustomize build | kubectl apply -f - 33 | ``` 34 | 35 | You can also deploy only a configuration subset by running some of the following commands (for example): 36 | 37 | ```shell 38 | kustomize build kubernetes | kubectl apply -f - 39 | kustomize build infra | kubectl apply -f - 40 | kustomize build ingress-nginx | kubectl apply -f - 41 | kustomize build audit | kubectl apply -f - 42 | kustomize build events | kubectl apply -f - 43 | kustomize build systemd | kubectl apply -f - 44 | kustomize build systemd/common | kubectl apply -f - 45 | kustomize build systemd/etcd | kubectl apply -f - 46 | ``` 47 | 48 | ## License 49 | 50 | For license details please see [LICENSE](../../LICENSE) 51 | -------------------------------------------------------------------------------- /katalog/loki-configs/audit/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | apiVersion: kustomize.config.k8s.io/v1beta1 6 | kind: Kustomization 7 | 8 | resources: 9 | - ../../configs/audit 10 | 11 | namespace: logging 12 | 13 | 14 | patches: 15 | - path: output-json-patch.yml 16 | target: 17 | group: logging.banzaicloud.io 18 | kind: Output 19 | name: audit 20 | namespace: logging 21 | version: v1beta1 22 | - path: output.yml 23 | -------------------------------------------------------------------------------- /katalog/loki-configs/audit/output-json-patch.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | - op: remove 7 | path: /spec/opensearch 8 | 9 | -------------------------------------------------------------------------------- /katalog/loki-configs/audit/output.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: Output 8 | metadata: 9 | name: audit 10 | spec: 11 | loki: 12 | url: http://loki-stack:3100 13 | extract_kubernetes_labels: true 14 | configure_kubernetes_labels: true 15 | extra_labels: 16 | flow: audit 17 | buffer: 18 | timekey: "1m" 19 | timekey_wait: "10s" 20 | timekey_use_utc: true 21 | chunk_limit_size: "2m" 22 | retry_max_interval: "30" 23 | retry_forever: true 24 | overflow_action: "block" 25 | -------------------------------------------------------------------------------- /katalog/loki-configs/events/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | apiVersion: kustomize.config.k8s.io/v1beta1 6 | kind: Kustomization 7 | 8 | resources: 9 | - ../../configs/events 10 | 11 | namespace: logging 12 | 13 | 14 | patches: 15 | - path: output-json-patch.yml 16 | target: 17 | group: logging.banzaicloud.io 18 | kind: Output 19 | name: events 20 | namespace: logging 21 | version: v1beta1 22 | - path: output.yml 23 | -------------------------------------------------------------------------------- /katalog/loki-configs/events/output-json-patch.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | - op: remove 7 | path: /spec/opensearch 8 | 9 | -------------------------------------------------------------------------------- /katalog/loki-configs/events/output.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: Output 8 | metadata: 9 | name: events 10 | spec: 11 | loki: 12 | url: http://loki-stack:3100 13 | extract_kubernetes_labels: true 14 | configure_kubernetes_labels: true 15 | extra_labels: 16 | flow: events 17 | buffer: 18 | timekey: "1m" 19 | timekey_wait: "10s" 20 | timekey_use_utc: true 21 | chunk_limit_size: "2m" 22 | retry_max_interval: "30" 23 | retry_forever: true 24 | overflow_action: "block" 25 | -------------------------------------------------------------------------------- /katalog/loki-configs/infra/cluster-output-json-patch.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | - op: remove 7 | path: /spec/opensearch 8 | 9 | -------------------------------------------------------------------------------- /katalog/loki-configs/infra/cluster-output.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: ClusterOutput 8 | metadata: 9 | name: infra 10 | spec: 11 | loki: 12 | url: http://loki-stack:3100 13 | extract_kubernetes_labels: true 14 | configure_kubernetes_labels: true 15 | extra_labels: 16 | flow: infra 17 | buffer: 18 | timekey: "1m" 19 | timekey_wait: "10s" 20 | timekey_use_utc: true 21 | chunk_limit_size: "2m" 22 | retry_max_interval: "30" 23 | retry_forever: true 24 | overflow_action: "block" 25 | 26 | -------------------------------------------------------------------------------- /katalog/loki-configs/infra/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | apiVersion: kustomize.config.k8s.io/v1beta1 6 | kind: Kustomization 7 | 8 | resources: 9 | - ../../configs/infra 10 | 11 | namespace: logging 12 | 13 | 14 | patches: 15 | - path: cluster-output-json-patch.yml 16 | target: 17 | group: logging.banzaicloud.io 18 | kind: ClusterOutput 19 | name: infra 20 | namespace: logging 21 | version: v1beta1 22 | - path: cluster-output.yml 23 | -------------------------------------------------------------------------------- /katalog/loki-configs/ingress-nginx/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | apiVersion: kustomize.config.k8s.io/v1beta1 6 | kind: Kustomization 7 | 8 | resources: 9 | - ../../configs/ingress-nginx 10 | 11 | namespace: ingress-nginx 12 | 13 | 14 | patches: 15 | - path: output-json-patch.yml 16 | target: 17 | group: logging.banzaicloud.io 18 | kind: Output 19 | name: ingress-nginx 20 | namespace: ingress-nginx 21 | version: v1beta1 22 | - path: output.yml 23 | -------------------------------------------------------------------------------- /katalog/loki-configs/ingress-nginx/output-json-patch.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | - op: remove 7 | path: /spec/opensearch 8 | 9 | -------------------------------------------------------------------------------- /katalog/loki-configs/ingress-nginx/output.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: Output 8 | metadata: 9 | name: ingress-nginx 10 | spec: 11 | loki: 12 | url: http://loki-stack:3100 13 | extract_kubernetes_labels: true 14 | configure_kubernetes_labels: true 15 | extra_labels: 16 | flow: ingress-nginx 17 | buffer: 18 | timekey: "1m" 19 | timekey_wait: "10s" 20 | timekey_use_utc: true 21 | chunk_limit_size: "2m" 22 | retry_max_interval: "30" 23 | retry_forever: true 24 | overflow_action: "block" 25 | -------------------------------------------------------------------------------- /katalog/loki-configs/kubernetes/cluster-output-json-patch.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | - op: remove 7 | path: /spec/opensearch 8 | 9 | -------------------------------------------------------------------------------- /katalog/loki-configs/kubernetes/cluster-output.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: ClusterOutput 8 | metadata: 9 | name: kubernetes 10 | spec: 11 | loki: 12 | url: http://loki-stack:3100 13 | extract_kubernetes_labels: true 14 | configure_kubernetes_labels: true 15 | extra_labels: 16 | flow: kubernetes 17 | buffer: 18 | timekey: "1m" 19 | timekey_wait: "10s" 20 | timekey_use_utc: true 21 | chunk_limit_size: "2m" 22 | retry_max_interval: "30" 23 | retry_forever: true 24 | overflow_action: "block" 25 | -------------------------------------------------------------------------------- /katalog/loki-configs/kubernetes/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | apiVersion: kustomize.config.k8s.io/v1beta1 6 | kind: Kustomization 7 | 8 | resources: 9 | - ../../configs/kubernetes 10 | 11 | namespace: logging 12 | 13 | 14 | patches: 15 | - path: cluster-output-json-patch.yml 16 | target: 17 | group: logging.banzaicloud.io 18 | kind: ClusterOutput 19 | name: kubernetes 20 | namespace: logging 21 | version: v1beta1 22 | - path: cluster-output.yml 23 | -------------------------------------------------------------------------------- /katalog/loki-configs/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | apiVersion: kustomize.config.k8s.io/v1beta1 6 | kind: Kustomization 7 | 8 | resources: 9 | - audit 10 | - events 11 | - ingress-nginx 12 | - kubernetes 13 | - systemd 14 | - infra 15 | -------------------------------------------------------------------------------- /katalog/loki-configs/systemd/common/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | apiVersion: kustomize.config.k8s.io/v1beta1 6 | kind: Kustomization 7 | 8 | resources: 9 | - ../../../configs/systemd/common 10 | 11 | namespace: logging 12 | 13 | 14 | patches: 15 | - path: output-json-patch.yml 16 | target: 17 | group: logging.banzaicloud.io 18 | kind: Output 19 | name: systemd-common 20 | namespace: logging 21 | version: v1beta1 22 | - path: output.yml 23 | -------------------------------------------------------------------------------- /katalog/loki-configs/systemd/common/output-json-patch.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | - op: remove 7 | path: /spec/opensearch 8 | 9 | -------------------------------------------------------------------------------- /katalog/loki-configs/systemd/common/output.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: Output 8 | metadata: 9 | name: systemd-common 10 | spec: 11 | loki: 12 | url: http://loki-stack:3100 13 | extract_kubernetes_labels: true 14 | configure_kubernetes_labels: true 15 | extra_labels: 16 | flow: systemd 17 | buffer: 18 | timekey: "1m" 19 | timekey_wait: "10s" 20 | timekey_use_utc: true 21 | chunk_limit_size: "2m" 22 | retry_max_interval: "30" 23 | retry_forever: true 24 | overflow_action: "block" 25 | -------------------------------------------------------------------------------- /katalog/loki-configs/systemd/etcd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | apiVersion: kustomize.config.k8s.io/v1beta1 6 | kind: Kustomization 7 | 8 | resources: 9 | - ../../../configs/systemd/etcd 10 | 11 | namespace: logging 12 | 13 | 14 | patches: 15 | - path: output-json-patch.yml 16 | target: 17 | group: logging.banzaicloud.io 18 | kind: Output 19 | name: systemd-etcd 20 | namespace: logging 21 | version: v1beta1 22 | - path: output.yml 23 | -------------------------------------------------------------------------------- /katalog/loki-configs/systemd/etcd/output-json-patch.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | - op: remove 7 | path: /spec/opensearch 8 | 9 | -------------------------------------------------------------------------------- /katalog/loki-configs/systemd/etcd/output.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: logging.banzaicloud.io/v1beta1 7 | kind: Output 8 | metadata: 9 | name: systemd-etcd 10 | spec: 11 | loki: 12 | url: http://loki-stack:3100 13 | extract_kubernetes_labels: true 14 | configure_kubernetes_labels: true 15 | extra_labels: 16 | flow: systemd-etcd 17 | buffer: 18 | timekey: "1m" 19 | timekey_wait: "10s" 20 | timekey_use_utc: true 21 | chunk_limit_size: "2m" 22 | retry_max_interval: "30" 23 | retry_forever: true 24 | overflow_action: "block" 25 | -------------------------------------------------------------------------------- /katalog/loki-configs/systemd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | apiVersion: kustomize.config.k8s.io/v1beta1 6 | kind: Kustomization 7 | 8 | resources: 9 | - common 10 | - etcd 11 | namespace: logging 12 | -------------------------------------------------------------------------------- /katalog/loki-distributed/MAINTENANCE.md: -------------------------------------------------------------------------------- 1 | # Loki Distributed - maintenance 2 | 3 | > [!NOTE] 4 | > This package is named Loki Distributed because it was created using the upstream chart with the same name. 5 | > From version 5.0.0 of the logging module the package has been migrated to use the `Loki` chart instead as 6 | > upstream. 7 | 8 | To maintain the Loki package, you should follow these steps. 9 | 10 | Search the latest `Helm Loki` (and not `loki-distributed`) chart from [Grafana Helm Charts releases][github-releases] (there are other charts in the releases page). 11 | 12 | Then you can template the chart using the following commands (change the chart version accordingly in the last command): 13 | 14 | ```bash 15 | helm repo add grafana https://grafana.github.io/helm-charts 16 | helm repo update 17 | helm template loki-distributed grafana/loki --version 6.28.0 --values MAINTENANCE.values.yaml -n logging > loki-built.yaml 18 | ``` 19 | 20 | With the `loki-built.yaml` file, check differences with the current `deploy.yml` file and change accordingly. 21 | 22 | The following has been modified manually on top of what's generated from the chart: 23 | 24 | - Loki configuration has been moved on it's own file `configs/config.yaml` 25 | - Gateway service has been renamed from `loki-distributed-gateway` to `loki-stack` to maintain compatibility with existing loki-configs 26 | - Configmap loki has been changed to a secret 27 | - The ServiceMonitors are not supported anymore with the new chart (they can still be used, when created manually, but will not be created automatically 28 | when using the new chart). Hence they have been moved into the service-monitor.yaml file. 29 | - The components follow the `loki-distributed` naming to maintain compatibility with existing resources. 30 | - The `loki-memberlist` Service has been renamed to `loki-distributed-memberlist` to maintain compatibility. 31 | 32 | [github-releases]: https://github.com/grafana/helm-charts/releases?q=loki-distributed&expanded=true 33 | -------------------------------------------------------------------------------- /katalog/loki-distributed/README.md: -------------------------------------------------------------------------------- 1 | # Loki Distributed 2 | 3 | 4 | 5 | Loki is a horizontally scalable, highly available, multi-tenant log aggregation system inspired by Prometheus. 6 | It is designed to be very cost effective and easy to operate. 7 | It does not index the contents of the logs, but rather a set of labels for each log stream. 8 | 9 | > [!NOTE] 10 | > This package is named Loki Distributed because it was created using the upstream chart with the same name. 11 | > From version 5.0.0 of the logging module the package has been migrated to use the `Loki` chart instead as 12 | > upstream. 13 | 14 | ## Requirements 15 | 16 | - Kubernetes >= `1.24.0` 17 | - Kustomize >= `v3.10.0` 18 | - [prometheus-operator from SD monitoring module][prometheus-operator] 19 | - [grafana from SD monitoring module][grafana] (module version `>=1.15.0`) 20 | - [minio-ha](../minio-ha) 21 | 22 | > Prometheus Operator is necessary since we configure a `ServiceMonitor` to make 23 | > some metrics available from `loki` on prometheus 24 | 25 | ## Image repository and tag 26 | 27 | - Loki image: `grafana/loki` 28 | - Loki repo: [Loki on Github][loki-gh] 29 | 30 | ## Configuration 31 | 32 | Loki Distributed is deployed in the following configuration: 33 | 34 | - Each microservice has its own Deployment/StatefulSet 35 | - Each Deployment has its own HPA 36 | - Common resources set as: 37 | 38 | ```yaml 39 | resources: 40 | requests: 41 | cpu: 100m 42 | memory: 128Mi 43 | limits: 44 | cpu: 500m 45 | memory: 1024Mi 46 | ``` 47 | 48 | ## Deployment 49 | 50 | You can deploy Loki Distributed by running the following command in the root of 51 | the project: 52 | 53 | ```shell 54 | kustomize build | kubectl apply -f - 55 | ``` 56 | 57 | This project also implements a dynamic Loki datasource that our Grafana from the monitoring stack automatically fetches and configures. 58 | To see the logs, navigate in Grafana to the [explore section][grafana-explore-doc]. 59 | 60 | > Note: These instructions are only for installing Loki as a log storage solution. 61 | > For complete instructions, please refer to the main README of the Logging module. 62 | 63 | 64 | 65 | [prometheus-operator]: https://github.com/sighup-io/fury-kubernetes-monitoring/blob/master/katalog/prometheus-operator 66 | [grafana]: https://github.com/sighup-io/fury-kubernetes-monitoring/blob/master/katalog/grafana 67 | [grafana-explore-doc]: https://grafana.com/docs/grafana/latest/explore/ 68 | [loki-gh]: https://github.com/grafana/loki 69 | 70 | 71 | 72 | ## License 73 | 74 | For license details please see [LICENSE](../../LICENSE) 75 | -------------------------------------------------------------------------------- /katalog/loki-distributed/configs/config.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2025-present SIGHUP s.r.l. All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | # 5 | auth_enabled: false 6 | bloom_build: 7 | builder: 8 | planner_address: loki-distributed-bloom-planner-headless.logging.svc.cluster.local:9095 9 | enabled: false 10 | distributor: 11 | ring: 12 | kvstore: 13 | store: memberlist 14 | bloom_gateway: 15 | client: 16 | addresses: dnssrvnoa+_grpc._tcp.loki-distributed-bloom-gateway-headless.logging.svc.cluster.local 17 | enabled: false 18 | common: 19 | compactor_address: 'http://loki-distributed-compactor:3100' 20 | path_prefix: /var/loki 21 | replication_factor: 1 22 | storage: 23 | s3: 24 | bucketnames: loki 25 | insecure: true 26 | endpoint: http://minio-logging.logging.svc.cluster.local:9000 27 | access_key_id: ${MINIO_ACCESS_KEY:-minio} 28 | secret_access_key: ${MINIO_SECRET_KEY:-minio123} 29 | s3forcepathstyle: true 30 | frontend: 31 | compress_responses: true 32 | log_queries_longer_than: 5s 33 | scheduler_address: loki-distributed-query-scheduler.logging.svc.cluster.local:9095 34 | tail_proxy_url: http://loki-distributed-querier.logging.svc.cluster.local:3100 35 | frontend_worker: 36 | scheduler_address: loki-distributed-query-scheduler.logging.svc.cluster.local:9095 37 | index_gateway: 38 | mode: simple 39 | ingester: 40 | chunk_block_size: 262144 41 | chunk_idle_period: 30m 42 | chunk_retain_period: 1m 43 | chunk_encoding: snappy 44 | lifecycler: 45 | ring: 46 | kvstore: 47 | store: memberlist 48 | replication_factor: 1 49 | wal: 50 | dir: /var/loki/wal 51 | flush_on_shutdown: true 52 | limits_config: 53 | allow_structured_metadata: true 54 | max_cache_freshness_per_query: 10m 55 | query_timeout: 300s 56 | reject_old_samples: true 57 | reject_old_samples_max_age: 168h 58 | split_queries_by_interval: 15m 59 | volume_enabled: true 60 | max_label_names_per_series: 30 61 | retention_period: 720h 62 | memberlist: 63 | join_members: 64 | - loki-distributed-memberlist 65 | pattern_ingester: 66 | enabled: true 67 | querier: 68 | max_concurrent: 4 69 | query_range: 70 | align_queries_with_step: true 71 | cache_results: true 72 | results_cache: 73 | cache: 74 | embedded_cache: 75 | enabled: true 76 | ttl: 24h 77 | runtime_config: 78 | file: /etc/loki/runtime-config/runtime-config.yaml 79 | schema_config: 80 | configs: 81 | - from: "2020-10-24" 82 | index: 83 | period: 24h 84 | prefix: index_ 85 | object_store: s3 86 | schema: v11 87 | store: boltdb-shipper 88 | - from: "2024-12-01" 89 | index: 90 | period: 24h 91 | prefix: index_ 92 | object_store: s3 93 | schema: v13 94 | store: tsdb 95 | server: 96 | grpc_listen_port: 9095 97 | http_listen_port: 3100 98 | http_server_read_timeout: 600s 99 | http_server_write_timeout: 600s 100 | storage_config: 101 | bloom_shipper: 102 | working_directory: /var/loki/data/bloomshipper 103 | boltdb_shipper: 104 | active_index_directory: /var/loki/index 105 | cache_location: /var/loki/cache 106 | cache_ttl: 24h 107 | resync_interval: 5s 108 | index_gateway_client: 109 | server_address: dns+loki-distributed-index-gateway-headless.logging.svc.cluster.local:9095 110 | hedging: 111 | at: 250ms 112 | max_per_second: 20 113 | up_to: 3 114 | tsdb_shipper: 115 | active_index_directory: /var/loki/index 116 | cache_location: /var/loki/cache 117 | cache_ttl: 24h 118 | resync_interval: 5s 119 | index_gateway_client: 120 | server_address: dns+loki-distributed-index-gateway-headless.logging.svc.cluster.local:9095 121 | compactor: 122 | working_directory: /var/loki/compactor 123 | retention_enabled: true 124 | retention_delete_delay: 2h 125 | retention_delete_worker_count: 150 126 | delete_request_store: s3 127 | tracing: 128 | enabled: false 129 | 130 | -------------------------------------------------------------------------------- /katalog/loki-distributed/datasource/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | namespace: logging 10 | 11 | generatorOptions: 12 | labels: 13 | grafana-sighup-datasource: default 14 | annotations: 15 | grafana-folder: "Logging" 16 | disableNameSuffixHash: true 17 | 18 | secretGenerator: 19 | - name: grafana-datasource-loki 20 | files: 21 | - loki.yaml 22 | -------------------------------------------------------------------------------- /katalog/loki-distributed/datasource/loki.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | apiVersion: 1 6 | datasources: 7 | - name: Loki 8 | type: loki 9 | access: proxy 10 | url: http://loki-stack.logging.svc.cluster.local:3100 11 | version: 1 12 | -------------------------------------------------------------------------------- /katalog/loki-distributed/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | namespace: logging 10 | 11 | resources: 12 | - datasource 13 | - deploy.yaml 14 | - service-monitor.yaml 15 | 16 | images: 17 | - name: docker.io/grafana/loki 18 | newName: registry.sighup.io/fury/grafana/loki 19 | newTag: 3.4.2 20 | - name: docker.io/nginxinc/nginx-unprivileged 21 | newName: registry.sighup.io/fury/nginxinc/nginx-unprivileged 22 | newTag: 1.27.3-alpine 23 | 24 | secretGenerator: 25 | - name: loki 26 | files: 27 | - configs/config.yaml 28 | - name: minio-credentials-loki 29 | envs: 30 | - minio-credentials.env 31 | -------------------------------------------------------------------------------- /katalog/loki-distributed/minio-credentials.env: -------------------------------------------------------------------------------- 1 | MINIO_ACCESS_KEY=minio 2 | MINIO_SECRET_KEY=minio123 3 | -------------------------------------------------------------------------------- /katalog/minio-ha/MAINTENANCE.md: -------------------------------------------------------------------------------- 1 | # MinIO HA - maintenance 2 | 3 | To maintain the MinIO package, you should follow these steps. 4 | 5 | 1. Take note of the latest chart version from [Main Minio repository releases](https://github.com/minio/minio/releases). 6 | 2. Take note also of the latest pushed version of both [`fury/minio`](https://registry.sighup.io/harbor/projects/37/repositories/minio/artifacts-tab`) and [`fury/minio/mc`](https://registry.sighup.io/harbor/projects/37/repositories/minio%2Fmc/artifacts-tab) images in our Harbor registry 7 | - If necessary, add a newer version on our [fury-distribution-container-image-sync](https://github.com/sighupio/fury-distribution-container-image-sync/blob/main/modules/dr/images.yml#L102) git repo 8 | 9 | 3. Run the following commands: 10 | 11 | ```bash 12 | VERSION=5.4.0 # update this to the latest chart version 13 | MINIO_TAG="RELEASE.2025-02-28T09-55-16Z" # update this to the latest fury/minio image tag 14 | MC_TAG="RELEASE.2025-02-21T16-00-46Z" # update this to the latest fury/minio/mc image tag 15 | helm repo add minio https://charts.min.io/ 16 | helm repo update 17 | helm pull minio/minio --version $VERSION --untar --untardir /tmp # this command will download the chart in /tmp/minio 18 | helm template minio-logging /tmp/minio/ --values MAINTENANCE.values.yaml --set "image.tag"="$MINIO_TAG" --set "imageMc.tag"="$MC_TAG" -n logging > minio-built.yaml 19 | ``` 20 | 21 | Minio's helm comes packaged with a specific mc (its client) version, to find out 22 | which version comes with it you can inspect `/tmp/minio/values.yaml`. 23 | 24 | What was customized (what differs from the helm template command): 25 | 26 | - Secret `minio-logging` is generated from Kustomize, so it must be removed from `minio-built.yaml` 27 | - ConfigMap `minio-logging` is removed as it was not used 28 | - Added a custom init job to create buckets and add 7 day retention 29 | 30 | Review the differences between `minio-built.yaml` and `deploy.yaml`, make the customization described above and replace `deploy.yaml` with the contents of `minio-built.yaml`. 31 | 32 | Cleanup: 33 | 34 | ```bash 35 | rm minio-built.yaml 36 | rm -rf /tmp/minio 37 | ``` 38 | -------------------------------------------------------------------------------- /katalog/minio-ha/MAINTENANCE.values.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | image: 6 | repository: registry.sighup.io/fury/minio 7 | tag: RELEASE.2024-10-13T13-34-11Z 8 | pullPolicy: IfNotPresent 9 | 10 | mcImage: 11 | repository: registry.sighup.io/fury/minio/mc 12 | tag: RELEASE.2024-10-08T09-37-26Z 13 | pullPolicy: IfNotPresent 14 | 15 | mode: distributed 16 | 17 | rootUser: "minio" 18 | rootPassword: "minio123" 19 | 20 | # Number of drives attached to a node 21 | drivesPerNode: 2 22 | # Number of MinIO containers running 23 | replicas: 3 24 | # Number of expanded MinIO clusters 25 | pools: 1 26 | 27 | ## TLS Settings for MinIO 28 | tls: 29 | enabled: false 30 | 31 | persistence: 32 | enabled: true 33 | size: 10Gi 34 | 35 | ingress: 36 | enabled: false 37 | 38 | consoleIngress: 39 | enabled: false 40 | 41 | affinity: 42 | podAntiAffinity: 43 | preferredDuringSchedulingIgnoredDuringExecution: 44 | - weight: 100 45 | podAffinityTerm: 46 | labelSelector: 47 | matchExpressions: 48 | - key: "release" 49 | operator: In 50 | values: 51 | - minio-logging 52 | topologyKey: "kubernetes.io/hostname" 53 | topologySpreadConstraints: [] 54 | 55 | ## Add stateful containers to have security context, if enabled MinIO will run as this 56 | ## user and group NOTE: securityContext is only enabled if persistence.enabled=true 57 | securityContext: 58 | enabled: true 59 | runAsUser: 1000 60 | runAsGroup: 1000 61 | fsGroup: 1000 62 | fsGroupChangePolicy: "OnRootMismatch" 63 | 64 | # Additational pod annotations 65 | podAnnotations: {} 66 | 67 | # Additional pod labels 68 | podLabels: {} 69 | 70 | ## Configure resource requests and limits 71 | ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ 72 | ## 73 | resources: 74 | requests: 75 | cpu: 100m 76 | memory: 512Mi 77 | 78 | ## List of users to be created after minio install 79 | ## 80 | users: [] 81 | ## Username, password and policy to be assigned to the user 82 | ## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics] 83 | ## Add new policies as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management.html#access-management 84 | ## NOTE: this will fail if LDAP is enabled in your MinIO deployment 85 | ## make sure to disable this if you are using LDAP. 86 | #- accessKey: console 87 | # secretKey: console123 88 | # policy: consoleAdmin 89 | # Or you can refer to specific secret 90 | #- accessKey: externalSecret 91 | # existingSecret: my-secret 92 | # existingSecretKey: password 93 | # policy: readonly 94 | 95 | ## List of buckets to be created after minio install 96 | ## 97 | buckets: [] 98 | 99 | 100 | ## Specify the service account to use for the MinIO pods. If 'create' is set to 'false' 101 | ## and 'name' is left unspecified, the account 'default' will be used. 102 | serviceAccount: 103 | create: true 104 | ## The name of the service account to use. If 'create' is 'true', a service account with that name 105 | ## will be created. 106 | name: "minio-sa" 107 | 108 | metrics: 109 | serviceMonitor: 110 | enabled: true 111 | # scrape each node/pod individually for additional metrics 112 | includeNode: true 113 | public: true 114 | additionalLabels: {} 115 | # for node metrics 116 | relabelConfigs: {} 117 | # for cluster metrics 118 | relabelConfigsCluster: {} 119 | # metricRelabelings: 120 | # - regex: (server|pod) 121 | # action: labeldrop 122 | # namespace: monitoring 123 | # interval: 30s 124 | # scrapeTimeout: 10s 125 | -------------------------------------------------------------------------------- /katalog/minio-ha/README.md: -------------------------------------------------------------------------------- 1 | # MinIO HA 2 | 3 | 4 | 5 | MinIO is a popular distributed object storage system that allows organizations to deploy highly available 6 | and scalable storage infrastructure. 7 | In order to achieve high availability (HA) for MinIO, a cluster of multiple MinIO nodes must be deployed backed by their own set of PVCs. 8 | 9 | ## Requirements 10 | 11 | - Kubernetes >= `1.23.0` 12 | - Kustomize >= `v3.5.3` 13 | - [prometheus-operator from SD monitoring module][prometheus-operator] 14 | 15 | > Prometheus Operator is necessary since we configure a `ServiceMonitor` to make 16 | > some metrics available from `minio` on prometheus 17 | 18 | ## Image repository and tag 19 | 20 | * MinIO image: `minio/minio` 21 | * MinIO repo: [MinIO on GitHub][minio-gh] 22 | 23 | ## Configuration 24 | 25 | MinIO HA is deployed in the following configuration: 26 | 27 | - Three Pod MinIO statefulset with 2 PVCs per Pod 28 | - Custom init Job to initialize buckets (`loki` and `errors`) and default retention (7 days on `errors` bucket) 29 | 30 | ## Deployment 31 | 32 | You can deploy minio-ha by running the following command in the root of 33 | the project: 34 | 35 | ```shell 36 | kustomize build | kubectl apply -f - 37 | ``` 38 | 39 | 40 | 41 | [prometheus-operator]: https://github.com/sighup-io/fury-kubernetes-monitoring/blob/master/katalog/prometheus-operator 42 | [minio-gh]: https://github.com/minio/minio 43 | 44 | 45 | 46 | ## License 47 | 48 | For license details please see [LICENSE](../../LICENSE) 49 | -------------------------------------------------------------------------------- /katalog/minio-ha/initialize-minio-buckets.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: batch/v1 7 | kind: Job 8 | metadata: 9 | name: minio-logging-buckets-setup 10 | labels: 11 | app: minio-logging-buckets-setup 12 | spec: 13 | template: 14 | metadata: 15 | labels: 16 | app: minio-logging-buckets-setup 17 | spec: 18 | serviceAccountName: wait-for-minio 19 | restartPolicy: OnFailure 20 | volumes: 21 | - name: config 22 | emptyDir: {} 23 | initContainers: 24 | - name: wait-for-minio 25 | image: registry.sighup.io/fury/groundnuty/k8s-wait-for 26 | imagePullPolicy: Always 27 | args: ["pod", "-lapp=minio"] 28 | containers: 29 | - name: mc 30 | image: registry.sighup.io/fury/minio/mc 31 | imagePullPolicy: Always 32 | envFrom: 33 | - secretRef: 34 | name: minio-logging 35 | command: 36 | - /bin/bash 37 | - -c 38 | - | 39 | set -e 40 | mc --config-dir=/config config host add logging http://minio-logging.logging.svc.cluster.local:9000 ${rootUser} ${rootPassword} 41 | mc --config-dir=/config mb -p logging/loki 42 | mc --config-dir=/config mb -p logging/errors 43 | mc --config-dir=/config ilm add --expiry-days "7" logging/errors 44 | volumeMounts: 45 | - name: config 46 | mountPath: "/config" 47 | --- 48 | apiVersion: v1 49 | kind: ServiceAccount 50 | metadata: 51 | name: wait-for-minio 52 | --- 53 | apiVersion: rbac.authorization.k8s.io/v1 54 | kind: Role 55 | metadata: 56 | name: wait-for-minio 57 | rules: 58 | - apiGroups: 59 | - "" 60 | resources: 61 | - pods 62 | verbs: 63 | - get 64 | - list 65 | --- 66 | apiVersion: rbac.authorization.k8s.io/v1 67 | kind: RoleBinding 68 | metadata: 69 | name: minio-setup:wait-for-minio 70 | roleRef: 71 | apiGroup: rbac.authorization.k8s.io 72 | kind: Role 73 | name: wait-for-minio 74 | subjects: 75 | - kind: ServiceAccount 76 | name: wait-for-minio 77 | namespace: logging 78 | -------------------------------------------------------------------------------- /katalog/minio-ha/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | namespace: logging 10 | 11 | resources: 12 | - deploy.yaml 13 | - initialize-minio-buckets.yaml 14 | - prometheusrules.yaml 15 | 16 | images: 17 | - name: registry.sighup.io/fury/groundnuty/k8s-wait-for 18 | newTag: v1.6 19 | - name: registry.sighup.io/fury/minio/mc 20 | newTag: RELEASE.2025-02-21T16-00-46Z 21 | 22 | secretGenerator: 23 | - name: minio-logging 24 | literals: 25 | - rootPassword=minio123 26 | - rootUser=minio 27 | -------------------------------------------------------------------------------- /katalog/minio-ha/prometheusrules.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: monitoring.coreos.com/v1 7 | kind: PrometheusRule 8 | metadata: 9 | labels: 10 | prometheus: k8s 11 | role: alert-rules 12 | name: minio-logging-rules 13 | namespace: logging 14 | spec: 15 | groups: 16 | - name: minio.rules 17 | rules: 18 | - alert: MinioLoggingClusterDiskOffline 19 | expr: minio_cluster_disk_offline_total{job="minio-logging"} > 0 20 | for: 5m 21 | labels: 22 | severity: critical 23 | annotations: 24 | summary: Minio cluster disk offline (instance {{ $labels.instance }}) 25 | description: "Minio cluster disk is offline\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" 26 | - alert: MinioLoggingNodeDiskOffline 27 | expr: minio_cluster_nodes_offline_total{job="minio-logging"} > 0 28 | for: 5m 29 | labels: 30 | severity: critical 31 | annotations: 32 | summary: Minio node disk offline (instance {{ $labels.instance }}) 33 | description: "Minio cluster node disk is offline\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" 34 | - alert: MinioLoggingDiskSpaceUsage 35 | expr: minio_cluster_capacity_usable_free_bytes{job="minio-logging"} / minio_cluster_capacity_usable_total_bytes{job="minio-logging"} * 100 < 10 36 | for: 5m 37 | labels: 38 | severity: warning 39 | annotations: 40 | summary: Minio disk space usage (instance {{ $labels.instance }}) 41 | description: "Minio available free space is low (< 10%)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" 42 | -------------------------------------------------------------------------------- /katalog/opensearch-dashboards/MAINTENANCE.md: -------------------------------------------------------------------------------- 1 | # Opensearch Dashboards - maintenance 2 | 3 | To maintain the Opensearch Dashboards package, you should follow these steps. 4 | 5 | 1. Take note of the latest chart version from [Opensearch Helm Charts][opensearch-helm-charts]. 6 | 2. Take note also of the latest pushed version of the [`fury/opensearchproject/opensearch-dashboards`](https://registry.sighup.io/harbor/projects/37/repositories/opensearchproject%2Fopensearch-dashboards/artifacts-tab`) image in our Harbor registry 7 | - If necessary, add a newer version on our [fury-distribution-container-image-sync](https://github.com/sighupio/fury-distribution-container-image-sync/blob/main/modules/logging/images.yml#L36) git repo 8 | 9 | 3. Run the following commands: 10 | 11 | ```bash 12 | VERSION=2.28.0 # update this to the latest chart version 13 | IMAGE_TAG="2.19.1" # update this to the latest fury/opensearchproject/opensearch-dashboards image tag 14 | helm repo add opensearch https://opensearch-project.github.io/helm-charts/ 15 | helm repo update 16 | helm pull opensearch/opensearch-dashboards --version $VERSION --untar --untardir /tmp # this command will download the chart in /tmp/opensearch-dashboards 17 | helm template opensearch-dashboards /tmp/opensearch-dashboards/ --values MAINTENANCE.values.yaml --set "image.tag"="$IMAGE_TAG" -n logging > opensearch-dashboards-built.yaml 18 | IMAGE_TAG="$IMAGE_TAG" yq -i '(.images[] | select(.name == "*opensearchproject/opensearch-dashboards")).newTag |= env(IMAGE_TAG)' kustomization.yaml 19 | ``` 20 | 21 | > [!TIP] 22 | > Chart v2.28.0 uses OpenSearch Dashboards v2.19.1 23 | 24 | What was customized: 25 | 26 | - removed Helm labels 27 | - opensearch-dashboards created with secretGenerator 28 | - security plugin is disabled with a custom command for the container, we expect security on the ingress level or configured manually (in consequence `OPENSEARCH_HOSTS` is switched to http) 29 | 30 | Review the differences between `opensearch-dashboards-built.yaml` and `deploy.yaml`, make the customization described above and replace `deploy.yaml` with the contents of `opensearch-dashboards-built.yaml`. 31 | 32 | Cleanup: 33 | 34 | ```bash 35 | rm opensearch-dashboards-built.yaml 36 | rm -rf /tmp/opensearch-dashboards 37 | ``` 38 | 39 | [opensearch-helm-charts]: https://github.com/opensearch-project/helm-charts/releases 40 | -------------------------------------------------------------------------------- /katalog/opensearch-dashboards/README.md: -------------------------------------------------------------------------------- 1 | # OpenSearch Dashboards 2 | 3 | 4 | 5 | OpenSearch Dashboards is an open-source analytics and visualization platform for OpenSearch. 6 | OpenSearch Dashboards lets you perform advanced data analysis and visualize data in a variety 7 | of charts, tables, and maps. You can use it to search, view, and interact with data 8 | stored in OpenSearch indices. 9 | 10 | ## Requirements 11 | 12 | - Kubernetes >= `1.23.0` 13 | - Kustomize = `v3.5.3` 14 | 15 | ## Image repository and tag 16 | 17 | * OpenSearch Dashboards image: `opensearchproject/opensearch-dashboards:2.11.0` 18 | * OpenSearch Dashboards repo: [OpenSearch Dashboards on Github][opensearch-dashboards-github] 19 | * OpenSearch Dashboards documentation: [OpenSearch Dashboards at opensearch.org][opensearch-dashboards-doc] 20 | 21 | ## Configuration 22 | 23 | - Replica number: `1` 24 | - Listens on port `5601` 25 | - Resource limits are `100m` for CPU and `512Mi` for memory 26 | - Secured by `securiyContext` *(running as non-root, removed all Linux capabilities)* 27 | 28 | ## Deployment 29 | 30 | You can deploy OpenSearch Dashboard by running the following command in the root of the project: 31 | 32 | ```shell 33 | kustomize build | kubectl apply -f - 34 | ``` 35 | 36 | ### Accessing OpenSearch Dashboards UI 37 | 38 | You can access OpenSearch Dashboards web UI by port-forwarding on port `5601`: 39 | 40 | ```shell 41 | kubectl port-forward svc/opensearch-dashboards 5601:5601 --namespace logging 42 | ``` 43 | 44 | OpenSearch Dashboards will be available on `http://127.0.0.1:5601` from your browser. 45 | 46 | Links 47 | 48 | [opensearch-dashboards-doc]: https://opensearch.org/docs/latest/dashboards/index/ 49 | [opensearch-dashboards-github]: https://github.com/opensearch-project/OpenSearch-Dashboards 50 | 51 | 52 | 53 | ## License 54 | 55 | For license details please see [LICENSE](../../LICENSE) 56 | -------------------------------------------------------------------------------- /katalog/opensearch-dashboards/configs/index-patterns.ndjson: -------------------------------------------------------------------------------- 1 | {"type":"index-pattern","id":"kubernetes","attributes":{"title":"kubernetes-*","timeFieldName":"@timestamp"}} 2 | {"type":"index-pattern","id":"infra","attributes":{"title":"infra-*","timeFieldName":"@timestamp"}} 3 | {"type":"index-pattern","id":"systemd","attributes":{"title":"systemd-*","timeFieldName":"@timestamp"}} 4 | {"type":"index-pattern","id":"events","attributes":{"title":"events-*","timeFieldName":"@timestamp"}} 5 | {"type":"index-pattern","id":"audit","attributes":{"title":"audit-*","timeFieldName":"@timestamp"}} 6 | {"type":"index-pattern","id":"ingress-controller","attributes":{"title":"ingress-controller-*","timeFieldName":"@timestamp"}} 7 | -------------------------------------------------------------------------------- /katalog/opensearch-dashboards/configs/opensearch_dashboards.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | # Copyright OpenSearch Contributors 7 | # SPDX-License-Identifier: Apache-2.0 8 | 9 | # Description: 10 | # Default configuration for OpenSearch Dashboards 11 | 12 | server.host: '0' 13 | 14 | ## If security is enabled, the following settings are required 15 | #opensearch.ssl.verificationMode: none 16 | #opensearch.username: kibanaserver 17 | #opensearch.password: kibanaserver 18 | #opensearch.requestHeadersWhitelist: [authorization, securitytenant] 19 | # 20 | #opensearch_security.multitenancy.enabled: false 21 | #opensearch_security.readonly_mode.roles: [kibana_read_only] 22 | ## Use this setting if you are running opensearch-dashboards without https 23 | #opensearch_security.cookie.secure: false 24 | -------------------------------------------------------------------------------- /katalog/opensearch-dashboards/index-patterns-cronjob.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: batch/v1 7 | kind: CronJob 8 | metadata: 9 | name: index-patterns-cronjob 10 | spec: 11 | jobTemplate: 12 | spec: 13 | template: 14 | metadata: 15 | labels: 16 | app.kubernetes.io/name: opensearch-dashboards 17 | app.kubernetes.io/instance: opensearch-dashboards 18 | spec: 19 | containers: 20 | - name: index-patterns 21 | securityContext: 22 | capabilities: 23 | drop: 24 | - ALL 25 | runAsNonRoot: true 26 | runAsUser: 1000 27 | image: registry.sighup.io/fury/opensearchproject/opensearch-dashboards 28 | imagePullPolicy: IfNotPresent 29 | command: 30 | - /bin/sh 31 | - -c 32 | - | 33 | curl -X POST "http://opensearch-dashboards:5601/api/saved_objects/_import?overwrite=true" -H "osd-xsrf: true" --form file=@/tmp/index-patterns.ndjson 34 | volumeMounts: 35 | - name: config-volume 36 | mountPath: /tmp/index-patterns.ndjson 37 | subPath: index-patterns.ndjson 38 | volumes: 39 | - name: config-volume 40 | configMap: 41 | name: opensearch-index-patterns 42 | items: 43 | - key: index-patterns.ndjson 44 | path: index-patterns.ndjson 45 | restartPolicy: OnFailure 46 | schedule: "0 * * * *" -------------------------------------------------------------------------------- /katalog/opensearch-dashboards/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | namespace: logging 10 | 11 | resources: 12 | - deploy.yaml 13 | - index-patterns-cronjob.yml 14 | 15 | images: 16 | - name: registry.sighup.io/fury/opensearchproject/opensearch-dashboards 17 | newTag: "2.19.1" 18 | 19 | secretGenerator: 20 | - name: opensearch-dashboards 21 | files: 22 | - configs/opensearch_dashboards.yml 23 | 24 | configMapGenerator: 25 | - name: opensearch-index-patterns 26 | files: 27 | - configs/index-patterns.ndjson 28 | -------------------------------------------------------------------------------- /katalog/opensearch-single/MAINTENANCE.md: -------------------------------------------------------------------------------- 1 | # OpenSearch - maintenance 2 | 3 | To maintain the OpenSearch package, you should follow these steps. 4 | 5 | 1. Take note of the latest chart version from [Opensearch Helm Charts][opensearch-helm-charts]. 6 | 2. Take note also of the latest pushed version of the [`fury/opensearchproject/opensearch`](https://registry.sighup.io/harbor/projects/37/repositories/opensearchproject%2Fopensearch/artifacts-tab`) image in our Harbor registry 7 | - If necessary, add a newer version on our [fury-distribution-container-image-sync](https://github.com/sighupio/fury-distribution-container-image-sync/blob/main/modules/logging/images.yml#L36) git repo 8 | 9 | 3. Run the following commands: 10 | 11 | ```bash 12 | VERSION=2.32.0 # update this to the latest chart version 13 | IMAGE_TAG="2.19.1" # update this to the latest fury/opensearchproject/opensearch image tag 14 | helm repo add opensearch https://opensearch-project.github.io/helm-charts/ 15 | helm repo update 16 | helm pull opensearch/opensearch --version $VERSION --untar --untardir /tmp # this command will download the chart in /tmp/opensearch 17 | helm template opensearch /tmp/opensearch/ --values MAINTENANCE.values.yaml --set "image.tag"="$IMAGE_TAG" -n logging > opensearch-built.yaml 18 | IMAGE_TAG="$IMAGE_TAG" yq -i '(.images[] | select(.name == "*opensearchproject/opensearch-dashboards")).newTag |= env(IMAGE_TAG)' kustomization.yaml 19 | ``` 20 | 21 | > [!TIP] 22 | > Chart v2.32.0 uses OpenSearch v2.19.1 23 | 24 | The provided values will deploy a custom `fsgroups` initContainer, because the one provided with vanilla values 25 | does not change the `fs.file-max` value with `sysctl`. 26 | We also added a custom sidecar container to export Prometheus metrics. We are using this strategy because the [prometheus-exporter](https://github.com/Aiven-Open/prometheus-exporter-plugin-for-opensearch) plugin is not compatible with the latest versions of OpenSearch yet. 27 | 28 | Manual changes from the output of `helm template`: 29 | 30 | - removed helm release labels 31 | 32 | Then, Kustomize will automate the following changes: 33 | 34 | - added custom prometheus AlertRules 35 | - security plugin is disabled via ConfigMap, we expect security on the ingress level or configured manually 36 | - change the `alpine` and `elasticsearch-exporter` images to use our Harbor registry 37 | 38 | Cleanup: 39 | 40 | ```bash 41 | rm opensearch-built.yaml 42 | rm -rf /tmp/opensearch 43 | ``` 44 | 45 | [opensearch-helm-charts]: https://github.com/opensearch-project/helm-charts/releases 46 | -------------------------------------------------------------------------------- /katalog/opensearch-single/MAINTENANCE.values.yaml: -------------------------------------------------------------------------------- 1 | # Copyright OpenSearch Contributors 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | # Default values for opensearch-dashboards. 5 | # This is a YAML-formatted file. 6 | # Declare variables to be passed into your templates. 7 | 8 | --- 9 | clusterName: "opensearch-cluster" 10 | nodeGroup: "master" 11 | singleNode: false 12 | masterService: "opensearch-cluster-master" 13 | roles: 14 | - master 15 | - ingest 16 | - data 17 | - remote_cluster_client 18 | replicas: 1 19 | opensearchHome: /usr/share/opensearch 20 | config: null 21 | extraEnvs: 22 | - name: DISABLE_INSTALL_DEMO_CONFIG 23 | value: "true" 24 | - name: DISABLE_PERFORMANCE_ANALYZER_AGENT_CLI 25 | value: "true" 26 | 27 | image: 28 | repository: "registry.sighup.io/fury/opensearchproject/opensearch" 29 | # override image tag, which is .Chart.AppVersion by default 30 | tag: "" 31 | pullPolicy: "IfNotPresent" 32 | 33 | opensearchJavaOpts: "-Xms2G -Xmx2G" 34 | 35 | resources: 36 | limits: 37 | cpu: 2000m 38 | memory: 4G 39 | requests: 40 | cpu: 1500m 41 | memory: 3G 42 | 43 | networkHost: "0.0.0.0" 44 | 45 | persistence: 46 | enabled: true 47 | # Set to false to disable the `fsgroup-volume` initContainer that will update permissions on the persistent disk. 48 | enableInitChown: false 49 | accessModes: 50 | - ReadWriteOnce 51 | size: 30Gi 52 | 53 | extraVolumes: 54 | - name: config 55 | configMap: 56 | name: opensearch-cluster-master-config 57 | extraVolumeMounts: 58 | - name: config 59 | mountPath: /usr/share/opensearch/config/opensearch.yml 60 | subPath: opensearch.yml 61 | 62 | extraContainers: 63 | - name: exporter 64 | image: "quay.io/prometheuscommunity/elasticsearch-exporter" 65 | args: 66 | - '--es.uri=http://localhost:9200' 67 | - '--collector.clustersettings' 68 | - '--es.indices' 69 | - '--collector.snapshots' 70 | - '--web.listen-address=:9108' 71 | ports: 72 | - containerPort: 9108 73 | name: metrics 74 | resources: 75 | limits: 76 | cpu: 200m 77 | memory: 400Mi 78 | requests: 79 | cpu: 100m 80 | memory: 200Mi 81 | 82 | extraInitContainers: 83 | - name: fsgroup-volume 84 | image: alpine 85 | command: ['sh', '-c'] 86 | args: 87 | - | 88 | sysctl -a 89 | MAX_MAP_COUNT=$(sysctl -a | grep max_map_count | cut -d " " -f3) 90 | if [ "$MAX_MAP_COUNT" -gt "262143" ]; then 91 | echo "Nothing to do, vm.max_map_count value is high enough" 92 | else 93 | echo "Changing vm.max_map_count value to 262144" 94 | sysctl -w vm.max_map_count=262144 95 | sysctl -p 96 | fi 97 | FILE_MAX=$(sysctl -a | grep file-max | cut -d " " -f3) 98 | if [ "$FILE_MAX" -gt "524287" ]; then 99 | echo "Nothing to do, fs.file-max value is high enough" 100 | else 101 | echo "Changing fs.file-max value to 524288" 102 | sysctl -w fs.file-max=524288 103 | sysctl -p 104 | fi 105 | chown -R 1000:1000 /usr/share/opensearch/data 106 | securityContext: 107 | privileged: true 108 | runAsUser: 0 109 | volumeMounts: 110 | - name: "opensearch-cluster-master" 111 | mountPath: /usr/share/opensearch/data 112 | 113 | antiAffinityTopologyKey: "kubernetes.io/hostname" 114 | antiAffinity: "soft" 115 | 116 | podManagementPolicy: "Parallel" 117 | enableServiceLinks: true 118 | 119 | protocol: http 120 | httpPort: 9200 121 | transportPort: 9300 122 | metricsPort: 9108 123 | httpHostPort: "" 124 | transportHostPort: "" 125 | 126 | service: 127 | type: ClusterIP 128 | httpPortName: http 129 | transportPortName: transport 130 | metricsPortName: metrics 131 | 132 | updateStrategy: RollingUpdate 133 | 134 | maxUnavailable: 1 135 | 136 | podSecurityContext: 137 | fsGroup: 1000 138 | runAsUser: 1000 139 | 140 | securityContext: 141 | capabilities: 142 | drop: 143 | - ALL 144 | # readOnlyRootFilesystem: true 145 | runAsNonRoot: true 146 | runAsUser: 1000 147 | runAsGroup: 1000 148 | 149 | startupProbe: 150 | tcpSocket: 151 | port: 9200 152 | initialDelaySeconds: 5 153 | periodSeconds: 10 154 | timeoutSeconds: 3 155 | failureThreshold: 30 156 | 157 | livenessProbe: {} 158 | 159 | readinessProbe: 160 | tcpSocket: 161 | port: 9200 162 | periodSeconds: 5 163 | timeoutSeconds: 3 164 | failureThreshold: 3 165 | 166 | ingress: 167 | enabled: false 168 | 169 | networkPolicy: 170 | create: false 171 | 172 | http: 173 | enabled: false 174 | 175 | # We create out own SM 176 | serviceMonitor: 177 | enabled: false 178 | -------------------------------------------------------------------------------- /katalog/opensearch-single/README.md: -------------------------------------------------------------------------------- 1 | # OpenSearch Single 2 | 3 | 4 | 5 | OpenSearch is an open-source distributed search and analytics engine used for 6 | log analytics. This package deploys a single node OpenSearch cluster on 7 | Kubernetes. 8 | 9 | > ⚠️ Please note that the OpenSearch Single variant is not intended for production use. Please use [opensearch-triple](../opensearch-triple), the high-availability version, for production. 10 | 11 | ## Requirements 12 | 13 | - Kubernetes >= `1.24.0` 14 | - Kustomize = `v3.10.0` 15 | - [prometheus-operator][prometheus-operator] 16 | 17 | > Prometheus Operator is necessary since we configure a `ServiceMonitor` to make 18 | > some metrics available from `OpenSearch` on prometheus 19 | 20 | ## Image repository and tag 21 | 22 | - OpenSearch image: `opensearchproject/opensearch:2.17.1` 23 | - OpenSearch repo: [OpenSearch on Github][opensearch-gh] 24 | - OpenSearch documentation: [OpenSearch Homepage][opensearch-doc] 25 | 26 | ## Configuration 27 | 28 | Fury distribution OpenSearch Single is deployed with the following configuration: 29 | 30 | - Single node 31 | - Listens on port `9200` for client connections 32 | - Resource limits are `2000m` for CPU and `4G` for memory 33 | - Requires `30Gi` storage 34 | - Prometheus exporter to expose OpenSearch metrics 35 | - Metrics are scraped by Prometheus every `30s` 36 | 37 | ## Deployment 38 | 39 | You can deploy OpenSearch Single by running the following command in the root of 40 | the project: 41 | 42 | ```shell 43 | kustomize build | kubectl apply -f - 44 | ``` 45 | 46 | ## Alerts 47 | 48 | Since we are configuring a `ServiceMonitor` in this package, the following Prometheus [alerts][opensearch-rules] are already defined: 49 | 50 | | Alert | Description | Severity | Interval | 51 | | ------------------------------ | -------------------------------------------------------------------- | -------- | :------: | 52 | | OpenSearchClusterRed | This alert fires when the health of the opensearch cluster is RED | critical | 30m | 53 | | OpenSearchYellow | This alert fires when the health of the opensearch cluster is YELLOW | warning | 30m | 54 | | OpenSearchOfRelocationShards | This alert fires when there are relocating shards for 30 minutes | warning | 30m | 55 | | OpenSearchOfInitializingShards | This alert fires when there are initializing shards for 30 minutes | warning | 30m | 56 | | OpenSearchOfUnassignedShards | This alert fires when there are unassigned shards for 30 minutes | warning | 30m | 57 | | OpenSearchOfPendingTasks | This alert fires when there pending task for 30 minutes | warning | 30m | 58 | 59 | > ℹ️ when using the OpenSearch single variant, the cluster will be in `YELLOW` state because of the single replica. 60 | 61 | 62 | 63 | [opensearch-rules]: https://awesome-prometheus-alerts.grep.to/rules.html#elasticsearch-1 64 | [opensearch-gh]: https://github.com/opensearch-project/OpenSearch 65 | [opensearch-doc]: https://opensearch.org/docs/latest 66 | [prometheus-operator]: https://github.com/sighupio/fury-kubernetes-monitoring/tree/master/katalog/prometheus-operator 67 | 68 | 69 | 70 | ## License 71 | 72 | For license details please see [LICENSE](../../LICENSE) 73 | -------------------------------------------------------------------------------- /katalog/opensearch-single/configs/opensearch.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | cluster.name: opensearch-cluster 6 | 7 | # Bind to all interfaces because we don't know what IP address Docker will assign to us. 8 | network.host: 0.0.0.0 9 | 10 | # # minimum_master_nodes need to be explicitly set when bound on a public IP 11 | # # set to 1 to allow single node clusters 12 | # discovery.zen.minimum_master_nodes: 1 13 | 14 | # Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again. 15 | # discovery.type: single-node 16 | 17 | # Start OpenSearch Security Demo Configuration 18 | # WARNING: revise all the lines below before you go into production 19 | plugins: 20 | security: 21 | disabled: true 22 | ## If security is enabled, the following settings are required 23 | #ssl: 24 | # transport: 25 | # pemcert_filepath: esnode.pem 26 | # pemkey_filepath: esnode-key.pem 27 | # pemtrustedcas_filepath: root-ca.pem 28 | # enforce_hostname_verification: false 29 | # http: 30 | # enabled: false 31 | #allow_unsafe_democertificates: true 32 | #allow_default_init_securityindex: true 33 | #authcz: 34 | # admin_dn: 35 | # - CN=fury,OU=sighup,O=sighup,L=milan,C=it 36 | #audit.type: internal_opensearch 37 | #enable_snapshot_restore_privilege: true 38 | #check_snapshot_restore_write_privileges: true 39 | #restapi: 40 | # roles_enabled: ["all_access"] 41 | #system_indices: 42 | # enabled: true 43 | # indices: 44 | # [ 45 | # ".opendistro-alerting-config", 46 | # ".opendistro-alerting-alert*", 47 | # ".opendistro-anomaly-results*", 48 | # ".opendistro-anomaly-detector*", 49 | # ".opendistro-anomaly-checkpoints", 50 | # ".opendistro-anomaly-detection-state", 51 | # ".opendistro-reports-*", 52 | # ".opendistro-notifications-*", 53 | # ".opendistro-notebooks", 54 | # ".opendistro-asynchronous-search-response*", 55 | # ] 56 | -------------------------------------------------------------------------------- /katalog/opensearch-single/configs/retention.json: -------------------------------------------------------------------------------- 1 | { 2 | "policy": { 3 | "description": "delete INDEXNAME indexes after 30 days", 4 | "default_state": "hot", 5 | "states": [ 6 | { 7 | "name": "hot", 8 | "actions": [], 9 | "transitions": [ 10 | { 11 | "state_name": "delete", 12 | "conditions": { 13 | "min_index_age": "30d" 14 | } 15 | } 16 | ] 17 | }, 18 | { 19 | "name": "delete", 20 | "actions": [ 21 | { 22 | "retry": { 23 | "count": 3, 24 | "backoff": "exponential", 25 | "delay": "1m" 26 | }, 27 | "delete": {} 28 | } 29 | ], 30 | "transitions": [] 31 | } 32 | ], 33 | "ism_template": [ 34 | { 35 | "index_patterns": [ 36 | "INDEXNAME-*" 37 | ], 38 | "priority": 1 39 | } 40 | ] 41 | } 42 | } -------------------------------------------------------------------------------- /katalog/opensearch-single/ism-policy-cronjob.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: batch/v1 7 | kind: CronJob 8 | metadata: 9 | name: ism-policy-cronjob 10 | spec: 11 | jobTemplate: 12 | spec: 13 | template: 14 | metadata: 15 | labels: 16 | app.kubernetes.io/name: opensearch 17 | app.kubernetes.io/instance: opensearch 18 | spec: 19 | containers: 20 | - name: policy 21 | securityContext: 22 | capabilities: 23 | drop: 24 | - ALL 25 | runAsNonRoot: true 26 | runAsUser: 1000 27 | image: registry.sighup.io/fury/opensearchproject/opensearch-dashboards 28 | imagePullPolicy: IfNotPresent 29 | command: 30 | - /bin/sh 31 | - -c 32 | - | 33 | cp /tmp/retention.json kubernetes-retention.json 34 | sed -i 's/INDEXNAME/kubernetes/g' kubernetes-retention.json 35 | curl -X PUT "http://opensearch-cluster-master:9200/_plugins/_ism/policies/kubernetes" -H "Content-Type: application/json" -d @./kubernetes-retention.json 36 | cp /tmp/retention.json audit-retention.json 37 | sed -i 's/INDEXNAME/audit/g' audit-retention.json 38 | curl -X PUT "http://opensearch-cluster-master:9200/_plugins/_ism/policies/audit" -H "Content-Type: application/json" -d @./audit-retention.json 39 | cp /tmp/retention.json events-retention.json 40 | sed -i 's/INDEXNAME/events/g' events-retention.json 41 | curl -X PUT "http://opensearch-cluster-master:9200/_plugins/_ism/policies/events" -H "Content-Type: application/json" -d @./events-retention.json 42 | cp /tmp/retention.json systemd-retention.json 43 | sed -i 's/INDEXNAME/systemd/g' systemd-retention.json 44 | curl -X PUT "http://opensearch-cluster-master:9200/_plugins/_ism/policies/systemd" -H "Content-Type: application/json" -d @./systemd-retention.json 45 | cp /tmp/retention.json ingress-controller-retention.json 46 | sed -i 's/INDEXNAME/ingress-controller/g' ingress-controller-retention.json 47 | curl -X PUT "http://opensearch-cluster-master:9200/_plugins/_ism/policies/ingress-controller" -H "Content-Type: application/json" -d @./ingress-controller-retention.json 48 | cp /tmp/retention.json infra-retention.json 49 | sed -i 's/INDEXNAME/infra/g' infra-retention.json 50 | curl -X PUT "http://opensearch-cluster-master:9200/_plugins/_ism/policies/infra" -H "Content-Type: application/json" -d @./infra-retention.json 51 | volumeMounts: 52 | - name: config-volume 53 | mountPath: /tmp 54 | volumes: 55 | - name: config-volume 56 | configMap: 57 | name: opensearch-ism-policies 58 | restartPolicy: OnFailure 59 | schedule: "0 * * * *" -------------------------------------------------------------------------------- /katalog/opensearch-single/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | namespace: logging 9 | images: 10 | - name: quay.io/prometheuscommunity/elasticsearch-exporter 11 | newName: registry.sighup.io/fury/prometheuscommunity/elasticsearch-exporter 12 | newTag: "v1.8.0" 13 | - name: registry.sighup.io/fury/opensearchproject/opensearch-dashboards 14 | newTag: "2.19.1" 15 | - name: alpine 16 | newName: registry.sighup.io/fury/alpine 17 | newTag: "3.14" 18 | resources: 19 | - deploy.yaml 20 | - sm.yml 21 | - rules.yml 22 | - ism-policy-cronjob.yml 23 | configMapGenerator: 24 | - name: opensearch-cluster-master-config 25 | files: 26 | - configs/opensearch.yml 27 | - name: opensearch-ism-policies 28 | files: 29 | - configs/retention.json 30 | -------------------------------------------------------------------------------- /katalog/opensearch-single/rules.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: monitoring.coreos.com/v1 7 | kind: PrometheusRule 8 | metadata: 9 | labels: 10 | prometheus: k8s 11 | role: alert-rules 12 | name: opensearch-rules 13 | namespace: logging 14 | spec: 15 | groups: 16 | - name: opensearch.rules 17 | rules: 18 | - alert: OpenSearchClusterRed 19 | expr: elasticsearch_cluster_health_status{color="red"} == 1 20 | for: 30m 21 | labels: 22 | severity: critical 23 | annotations: 24 | description: 'OpenSearch Cluster status is Red, cluster: {{ $labels.cluster }})' 25 | doc: "OpenSearch Cluster status is Red in the last 30 minutes." 26 | - alert: OpenSearchClusterYellow 27 | expr: elasticsearch_cluster_health_status{color="yellow"} == 1 28 | for: 30m 29 | labels: 30 | severity: warning 31 | annotations: 32 | description: 'OpenSearch Cluster status is Yellow, cluster: {{ $labels.cluster }})' 33 | doc: "OpenSearch Cluster status is Yellow in the last 30 minutes." 34 | - alert: OpenSearchNumberOfRelocationShards 35 | expr: elasticsearch_cluster_health_relocating_shards > 0 36 | for: 30m 37 | labels: 38 | severity: warning 39 | annotations: 40 | description: 'Number of relocationg shards in the last 30 min: {{ $value }} in the cluster: {{ $labels.cluster }}' 41 | doc: "Number of relocation shards for 30 min" 42 | - alert: OpenSearchNumberOfInitializingShards 43 | expr: elasticsearch_cluster_health_initializing_shards > 0 44 | for: 30m 45 | labels: 46 | severity: warning 47 | annotations: 48 | description: 'Number of initializing shards in the last 30 min: {{ $value }} in the cluster: {{ $labels.cluster }}' 49 | doc: "Number of initializing shards in the last 30 min." 50 | - alert: OpenSearchNumberOfUnassignedShards 51 | expr: elasticsearch_cluster_health_unassigned_shards > 0 52 | for: 30m 53 | labels: 54 | severity: warning 55 | annotations: 56 | description: 'Number of unassigned shards in the last 30 min: {{ $value }} in the cluster: {{ $labels.cluster }}' 57 | doc: "Number of unassigned shards in the last 30 min." 58 | - alert: OpenSearchNumberOfPendingTasks 59 | expr: elasticsearch_cluster_health_number_of_pending_tasks > 0 60 | for: 30m 61 | labels: 62 | severity: warning 63 | annotations: 64 | description: 'Number of pending tasks in the last 30 min: {{ $value }} in the cluster: {{ $labels.cluster }}' 65 | doc: "Number of pending tasks in the last 30 min." 66 | -------------------------------------------------------------------------------- /katalog/opensearch-single/sm.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: monitoring.coreos.com/v1 7 | kind: ServiceMonitor 8 | metadata: 9 | labels: 10 | k8s-app: opensearch 11 | name: opensearch 12 | spec: 13 | endpoints: 14 | - interval: 30s 15 | port: metrics 16 | jobLabel: k8s-app 17 | namespaceSelector: 18 | matchNames: 19 | - logging 20 | selector: 21 | matchLabels: 22 | app.kubernetes.io/name: opensearch 23 | -------------------------------------------------------------------------------- /katalog/opensearch-triple/README.md: -------------------------------------------------------------------------------- 1 | # OpenSearch Triple 2 | 3 | 4 | 5 | OpenSearch is an open-source distributed search and analytics engine used for 6 | log analytics. This package deploys a three-node OpenSearch cluster on 7 | Kubernetes. 8 | 9 | `opensearch-triple` is a high availability setup of OpenSearch, that sets 10 | up a 3-node cluster of `OpenSearch` for a robust and reliable setup. 11 | 12 | ## Requirements 13 | 14 | - Kubernetes >= `1.24.0` 15 | - Kustomize >= `v3.10.X` 16 | - [prometheus-operator][prometheus-operator] 17 | 18 | > Prometheus Operator is necessary since we configure a `ServiceMonitor` to make 19 | > some metrics available from `opensearch` on prometheus. Please refer, 20 | > [`opensearch-single](../opensearch-single/README.md#alerts) to read 21 | > about the available Prometheus rules. 22 | 23 | ## Image repository and tag 24 | 25 | - OpenSearch image: `opensearchproject/opensearch:2.17.1` 26 | - OpenSearch repo: [OpenSearch on Github][opensearch-gh] 27 | - OpenSearch documentation: [OpenSearch Homepage][opensearch-doc] 28 | 29 | ## Configuration 30 | 31 | OpenSearch Triple is deployed with the following configuration: 32 | 33 | - OpenSearch cluster with `3` nodes 34 | - Listens on port `9200` for client connections 35 | - Listens on port `9300` for node-to-node connections 36 | - Resource limits are `2000m` for CPU and `4G` for memory 37 | - Requires `30Gi` storage 38 | - Each OpenSearch node is running in a different Kubernetes node 39 | - Prometheus exporter to expose OpenSearch metrics 40 | - Metrics are scraped by Prometheus every `30s` 41 | 42 | ## Deployment 43 | 44 | You can deploy OpenSearch Triple by running the following command in the root of the project: 45 | 46 | ```shell 47 | kustomize build | kubectl apply -f - 48 | ``` 49 | 50 | 51 | 52 | [opensearch-gh]: https://github.com/opensearch-project/OpenSearch 53 | [opensearch-doc]: https://opensearch.org/docs/latest 54 | [prometheus-operator]: https://github.com/sighupio/fury-kubernetes-monitoring/tree/master/katalog/prometheus-operator 55 | 56 | 57 | 58 | ## License 59 | 60 | For license details please see [LICENSE](../../LICENSE) 61 | -------------------------------------------------------------------------------- /katalog/opensearch-triple/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | 9 | namespace: logging 10 | 11 | resources: 12 | - ../opensearch-single 13 | 14 | patches: 15 | - path: triple.yml 16 | -------------------------------------------------------------------------------- /katalog/opensearch-triple/triple.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | --- 6 | apiVersion: apps/v1 7 | kind: StatefulSet 8 | metadata: 9 | name: opensearch-cluster-master 10 | spec: 11 | replicas: 3 12 | template: 13 | spec: 14 | affinity: 15 | podAntiAffinity: 16 | preferredDuringSchedulingIgnoredDuringExecution: 17 | - weight: 100 18 | podAffinityTerm: 19 | labelSelector: 20 | matchExpressions: 21 | - key: "app.kubernetes.io/name" 22 | operator: In 23 | values: 24 | - opensearch 25 | topologyKey: "kubernetes.io/hostname" 26 | containers: 27 | - name: opensearch 28 | env: 29 | - name: cluster.initial_master_nodes 30 | value: "opensearch-cluster-master-0,opensearch-cluster-master-1,opensearch-cluster-master-2," -------------------------------------------------------------------------------- /katalog/tests/helper.bash: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | 3 | # shellcheck disable=SC2086,SC2154,SC2034 4 | 5 | set -o pipefail 6 | 7 | kaction(){ 8 | path=$1 9 | verb=$2 10 | kustomize build $path | kubectl $verb -f - 11 | } 12 | 13 | apply (){ 14 | kustomize build $1 >&2 15 | kustomize build $1 | kubectl apply -f - --server-side 2>&3 16 | } 17 | 18 | delete (){ 19 | kustomize build $1 >&2 20 | kustomize build $1 | kubectl delete -f - 2>&3 21 | } 22 | 23 | info(){ 24 | echo -e "${BATS_TEST_NUMBER}: ${BATS_TEST_DESCRIPTION}" >&3 25 | } 26 | 27 | loop_it(){ 28 | retry_counter=0 29 | max_retry=${2:-100} 30 | wait_time=${3:-2} 31 | run ${1} 32 | ko=${status} 33 | loop_it_result=${ko} 34 | while [[ ko -ne 0 ]] 35 | do 36 | if [ $retry_counter -ge $max_retry ]; then echo "Timeout waiting a condition"; return 1; fi 37 | sleep ${wait_time} && echo "# waiting..." $retry_counter >&3 38 | run ${1} 39 | ko=${status} 40 | loop_it_result=${ko} 41 | retry_counter=$((retry_counter + 1)) 42 | done 43 | return 0 44 | } 45 | -------------------------------------------------------------------------------- /katalog/tests/kind/config.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | kind: Cluster 6 | apiVersion: kind.x-k8s.io/v1alpha4 7 | # we let kind choose a random port for the API server. 8 | # networking: 9 | # apiServerAddress: "0.0.0.0" 10 | # One control plane node and three "workers". 11 | # 12 | # While these will not add more real compute capacity and 13 | # have limited isolation, this can be useful for testing 14 | # rolling updates etc. 15 | # 16 | # The API-server and other control plane components will be 17 | # on the control-plane node. 18 | # 19 | # You probably don't need this unless you are testing Kubernetes itself. 20 | nodes: 21 | - role: control-plane 22 | - role: worker 23 | - role: worker 24 | -------------------------------------------------------------------------------- /katalog/tests/pytest.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Copyright (c) 2020 SIGHUP s.r.l All rights reserved. 3 | # Use of this source code is governed by a BSD-style 4 | # license that can be found in the LICENSE file. 5 | 6 | 7 | # set -x 8 | set -e 9 | set -u 10 | set -o pipefail 11 | 12 | find . -type f \ 13 | -name 'kustomization.yaml' \ 14 | -not -path './examples/*' | \ 15 | sort | \ 16 | xargs dirname | \ 17 | while read -r dir; do 18 | echo "------------- RUNNING TESTS INTO $dir ---------" 19 | kustomize build "$dir" > /dev/null 20 | set +e 21 | kustomize build "$dir" | pytest -svv --disable-pytest-warnings katalog/tests/test.py 22 | set -e 23 | done 24 | 25 | exit 0 26 | --------------------------------------------------------------------------------