bc9c6df31d
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Upload container runtime log to sd/es. I've verified this in my environment. My stackdriver has an extra `container-runtime` entry for node log, and it collects container runtime daemon log correctly. @yujuhong @feiskyer @crassirostris @piosz @kubernetes/sig-node-pr-reviews @kubernetes/sig-instrumentation-pr-reviews Signed-off-by: Lantao Liu <lantaol@google.com> **Release note**: ```release-note Container runtime daemon (e.g. dockerd) logs in GCE cluster will be uploaded to stackdriver and elasticsearch with tag `container-runtime` ```
117 lines
2.9 KiB
YAML
117 lines
2.9 KiB
YAML
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: fluentd-es
|
|
namespace: kube-system
|
|
labels:
|
|
k8s-app: fluentd-es
|
|
kubernetes.io/cluster-service: "true"
|
|
addonmanager.kubernetes.io/mode: Reconcile
|
|
---
|
|
kind: ClusterRole
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: fluentd-es
|
|
labels:
|
|
k8s-app: fluentd-es
|
|
kubernetes.io/cluster-service: "true"
|
|
addonmanager.kubernetes.io/mode: Reconcile
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- "namespaces"
|
|
- "pods"
|
|
verbs:
|
|
- "get"
|
|
- "watch"
|
|
- "list"
|
|
---
|
|
kind: ClusterRoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: fluentd-es
|
|
labels:
|
|
k8s-app: fluentd-es
|
|
kubernetes.io/cluster-service: "true"
|
|
addonmanager.kubernetes.io/mode: Reconcile
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: fluentd-es
|
|
namespace: kube-system
|
|
apiGroup: ""
|
|
roleRef:
|
|
kind: ClusterRole
|
|
name: fluentd-es
|
|
apiGroup: ""
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: fluentd-es-v2.0.4
|
|
namespace: kube-system
|
|
labels:
|
|
k8s-app: fluentd-es
|
|
version: v2.0.4
|
|
kubernetes.io/cluster-service: "true"
|
|
addonmanager.kubernetes.io/mode: Reconcile
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
k8s-app: fluentd-es
|
|
version: v2.0.4
|
|
template:
|
|
metadata:
|
|
labels:
|
|
k8s-app: fluentd-es
|
|
kubernetes.io/cluster-service: "true"
|
|
version: v2.0.4
|
|
# This annotation ensures that fluentd does not get evicted if the node
|
|
# supports critical pod annotation based priority scheme.
|
|
# Note that this does not guarantee admission on the nodes (#40573).
|
|
annotations:
|
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
|
spec:
|
|
priorityClassName: system-node-critical
|
|
serviceAccountName: fluentd-es
|
|
containers:
|
|
- name: fluentd-es
|
|
image: k8s.gcr.io/fluentd-elasticsearch:v2.0.4
|
|
env:
|
|
- name: FLUENTD_ARGS
|
|
value: --no-supervisor -q
|
|
resources:
|
|
limits:
|
|
memory: 500Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 200Mi
|
|
volumeMounts:
|
|
- name: varlog
|
|
mountPath: /var/log
|
|
- name: varlibdockercontainers
|
|
mountPath: /var/lib/docker/containers
|
|
readOnly: true
|
|
- name: libsystemddir
|
|
mountPath: /host/lib
|
|
readOnly: true
|
|
- name: config-volume
|
|
mountPath: /etc/fluent/config.d
|
|
nodeSelector:
|
|
beta.kubernetes.io/fluentd-ds-ready: "true"
|
|
terminationGracePeriodSeconds: 30
|
|
volumes:
|
|
- name: varlog
|
|
hostPath:
|
|
path: /var/log
|
|
- name: varlibdockercontainers
|
|
hostPath:
|
|
path: /var/lib/docker/containers
|
|
# It is needed to copy systemd library to decompress journals
|
|
- name: libsystemddir
|
|
hostPath:
|
|
path: /usr/lib64
|
|
- name: config-volume
|
|
configMap:
|
|
name: fluentd-es-config-v0.1.4
|