summaryrefslogtreecommitdiffstats
path: root/roles/openshift_logging/templates
diff options
context:
space:
mode:
authorewolinetz <ewolinet@redhat.com>2017-05-02 11:21:56 -0500
committerewolinetz <ewolinet@redhat.com>2017-05-22 10:42:52 -0500
commit60ad4626f03cbfb119290a4bfaf9ecba53dc762b (patch)
tree766cafb64b81d26ba9cad66e84153248aad7141a /roles/openshift_logging/templates
parenta8e826248539179c5ef69ec003701be608e89b70 (diff)
downloadopenshift-60ad4626f03cbfb119290a4bfaf9ecba53dc762b.tar.gz
openshift-60ad4626f03cbfb119290a4bfaf9ecba53dc762b.tar.bz2
openshift-60ad4626f03cbfb119290a4bfaf9ecba53dc762b.tar.xz
openshift-60ad4626f03cbfb119290a4bfaf9ecba53dc762b.zip
Pulling in changes from master
Diffstat (limited to 'roles/openshift_logging/templates')
-rw-r--r--roles/openshift_logging/templates/clusterrole.j221
-rw-r--r--roles/openshift_logging/templates/clusterrolebinding.j224
-rw-r--r--roles/openshift_logging/templates/curator.j298
-rw-r--r--roles/openshift_logging/templates/elasticsearch-logging.yml.j281
-rw-r--r--roles/openshift_logging/templates/elasticsearch.yml.j281
-rw-r--r--roles/openshift_logging/templates/es-storage-emptydir.partial1
-rw-r--r--roles/openshift_logging/templates/es-storage-hostpath.partial2
-rw-r--r--roles/openshift_logging/templates/es-storage-pvc.partial2
-rw-r--r--roles/openshift_logging/templates/es.j2110
-rw-r--r--roles/openshift_logging/templates/fluentd.j2167
-rw-r--r--roles/openshift_logging/templates/kibana.j2139
-rw-r--r--roles/openshift_logging/templates/mux.j2121
-rw-r--r--roles/openshift_logging/templates/oauth-client.j215
-rw-r--r--roles/openshift_logging/templates/pvc.j227
-rw-r--r--roles/openshift_logging/templates/rolebinding.j214
-rw-r--r--roles/openshift_logging/templates/route_reencrypt.j236
-rw-r--r--roles/openshift_logging/templates/secret.j29
-rw-r--r--roles/openshift_logging/templates/service.j234
-rw-r--r--roles/openshift_logging/templates/serviceaccount.j216
19 files changed, 0 insertions, 998 deletions
diff --git a/roles/openshift_logging/templates/clusterrole.j2 b/roles/openshift_logging/templates/clusterrole.j2
deleted file mode 100644
index 0d28db48e..000000000
--- a/roles/openshift_logging/templates/clusterrole.j2
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: ClusterRole
-metadata:
- name: {{obj_name}}
-rules:
-{% for rule in rules %}
-- resources:
-{% for kind in rule.resources %}
- - {{ kind }}
-{% endfor %}
- apiGroups:
-{% if rule.api_groups is defined %}
-{% for group in rule.api_groups %}
- - {{ group }}
-{% endfor %}
-{% endif %}
- verbs:
-{% for verb in rule.verbs %}
- - {{ verb }}
-{% endfor %}
-{% endfor %}
diff --git a/roles/openshift_logging/templates/clusterrolebinding.j2 b/roles/openshift_logging/templates/clusterrolebinding.j2
deleted file mode 100644
index 2d25ff1fb..000000000
--- a/roles/openshift_logging/templates/clusterrolebinding.j2
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v1
-kind: ClusterRoleBinding
-metadata:
- name: {{obj_name}}
-{% if crb_usernames is defined %}
-userNames:
-{% for name in crb_usernames %}
- - {{ name }}
-{% endfor %}
-{% endif %}
-{% if crb_groupnames is defined %}
-groupNames:
-{% for name in crb_groupnames %}
- - {{ name }}
-{% endfor %}
-{% endif %}
-subjects:
-{% for sub in subjects %}
- - kind: {{ sub.kind }}
- name: {{ sub.name }}
- namespace: {{sub.namespace}}
-{% endfor %}
-roleRef:
- name: {{obj_name}}
diff --git a/roles/openshift_logging/templates/curator.j2 b/roles/openshift_logging/templates/curator.j2
deleted file mode 100644
index c6284166b..000000000
--- a/roles/openshift_logging/templates/curator.j2
+++ /dev/null
@@ -1,98 +0,0 @@
-apiVersion: "v1"
-kind: "DeploymentConfig"
-metadata:
- name: "{{deploy_name}}"
- labels:
- provider: openshift
- component: "{{component}}"
- logging-infra: "{{logging_component}}"
-spec:
- replicas: {{replicas|default(0)}}
- selector:
- provider: openshift
- component: "{{component}}"
- logging-infra: "{{logging_component}}"
- strategy:
- rollingParams:
- intervalSeconds: 1
- timeoutSeconds: 600
- updatePeriodSeconds: 1
- type: Recreate
- template:
- metadata:
- name: "{{deploy_name}}"
- labels:
- logging-infra: "{{logging_component}}"
- provider: openshift
- component: "{{component}}"
- spec:
- terminationGracePeriod: 600
- serviceAccountName: aggregated-logging-curator
-{% if curator_node_selector is iterable and curator_node_selector | length > 0 %}
- nodeSelector:
-{% for key, value in curator_node_selector.iteritems() %}
- {{key}}: "{{value}}"
-{% endfor %}
-{% endif %}
- containers:
- -
- name: "curator"
- image: {{image}}
- imagePullPolicy: Always
- resources:
- limits:
- cpu: "{{curator_cpu_limit}}"
-{% if curator_memory_limit is defined and curator_memory_limit is not none %}
- memory: "{{curator_memory_limit}}"
-{% endif %}
- env:
- -
- name: "K8S_HOST_URL"
- value: "{{openshift_logging_master_url}}"
- -
- name: "ES_HOST"
- value: "{{es_host}}"
- -
- name: "ES_PORT"
- value: "{{es_port}}"
- -
- name: "ES_CLIENT_CERT"
- value: "/etc/curator/keys/cert"
- -
- name: "ES_CLIENT_KEY"
- value: "/etc/curator/keys/key"
- -
- name: "ES_CA"
- value: "/etc/curator/keys/ca"
- -
- name: "CURATOR_DEFAULT_DAYS"
- value: "{{openshift_logging_curator_default_days}}"
- -
- name: "CURATOR_RUN_HOUR"
- value: "{{openshift_logging_curator_run_hour}}"
- -
- name: "CURATOR_RUN_MINUTE"
- value: "{{openshift_logging_curator_run_minute}}"
- -
- name: "CURATOR_RUN_TIMEZONE"
- value: "{{openshift_logging_curator_run_timezone}}"
- -
- name: "CURATOR_SCRIPT_LOG_LEVEL"
- value: "{{openshift_logging_curator_script_log_level}}"
- -
- name: "CURATOR_LOG_LEVEL"
- value: "{{openshift_logging_curator_log_level}}"
- volumeMounts:
- - name: certs
- mountPath: /etc/curator/keys
- readOnly: true
- - name: config
- mountPath: /etc/curator/settings
- readOnly: true
- volumes:
- - name: certs
- secret:
- secretName: logging-curator
- - name: config
- configMap:
- name: logging-curator
diff --git a/roles/openshift_logging/templates/elasticsearch-logging.yml.j2 b/roles/openshift_logging/templates/elasticsearch-logging.yml.j2
deleted file mode 100644
index 499e77fb7..000000000
--- a/roles/openshift_logging/templates/elasticsearch-logging.yml.j2
+++ /dev/null
@@ -1,81 +0,0 @@
-# you can override this using by setting a system property, for example -Des.logger.level=DEBUG
-es.logger.level: INFO
-rootLogger: ${es.logger.level}, {{root_logger}}
-logger:
- # log action execution errors for easier debugging
- action: WARN
-
- # deprecation logging, turn to DEBUG to see them
- deprecation: WARN, deprecation_log_file
-
- # reduce the logging for aws, too much is logged under the default INFO
- com.amazonaws: WARN
-
- io.fabric8.elasticsearch: ${PLUGIN_LOGLEVEL}
- io.fabric8.kubernetes: ${PLUGIN_LOGLEVEL}
-
- # aws will try to do some sketchy JMX stuff, but its not needed.
- com.amazonaws.jmx.SdkMBeanRegistrySupport: ERROR
- com.amazonaws.metrics.AwsSdkMetrics: ERROR
-
- org.apache.http: INFO
-
- # gateway
- #gateway: DEBUG
- #index.gateway: DEBUG
-
- # peer shard recovery
- #indices.recovery: DEBUG
-
- # discovery
- #discovery: TRACE
-
- index.search.slowlog: TRACE, index_search_slow_log_file
- index.indexing.slowlog: TRACE, index_indexing_slow_log_file
-
- # search-guard
- com.floragunn.searchguard: WARN
-
-additivity:
- index.search.slowlog: false
- index.indexing.slowlog: false
- deprecation: false
-
-appender:
- console:
- type: console
- layout:
- type: consolePattern
- conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %.10000m%n"
-
- file:
- type: dailyRollingFile
- file: ${path.logs}/${cluster.name}.log
- datePattern: "'.'yyyy-MM-dd"
- layout:
- type: pattern
- conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
-
- deprecation_log_file:
- type: dailyRollingFile
- file: ${path.logs}/${cluster.name}_deprecation.log
- datePattern: "'.'yyyy-MM-dd"
- layout:
- type: pattern
- conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
-
- index_search_slow_log_file:
- type: dailyRollingFile
- file: ${path.logs}/${cluster.name}_index_search_slowlog.log
- datePattern: "'.'yyyy-MM-dd"
- layout:
- type: pattern
- conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
-
- index_indexing_slow_log_file:
- type: dailyRollingFile
- file: ${path.logs}/${cluster.name}_index_indexing_slowlog.log
- datePattern: "'.'yyyy-MM-dd"
- layout:
- type: pattern
- conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
diff --git a/roles/openshift_logging/templates/elasticsearch.yml.j2 b/roles/openshift_logging/templates/elasticsearch.yml.j2
deleted file mode 100644
index 355642cb7..000000000
--- a/roles/openshift_logging/templates/elasticsearch.yml.j2
+++ /dev/null
@@ -1,81 +0,0 @@
-cluster:
- name: ${CLUSTER_NAME}
-
-script:
- inline: on
- indexed: on
-
-index:
- number_of_shards: {{ es_number_of_shards | default ('1') }}
- number_of_replicas: {{ es_number_of_replicas | default ('0') }}
- unassigned.node_left.delayed_timeout: 2m
- translog:
- flush_threshold_size: 256mb
- flush_threshold_period: 5m
-
-node:
- master: true
- data: true
-
-network:
- host: 0.0.0.0
-
-cloud:
- kubernetes:
- service: ${SERVICE_DNS}
- namespace: ${NAMESPACE}
-
-discovery:
- type: kubernetes
- zen.ping.multicast.enabled: false
- zen.minimum_master_nodes: ${NODE_QUORUM}
-
-gateway:
- recover_after_nodes: ${NODE_QUORUM}
- expected_nodes: ${RECOVER_EXPECTED_NODES}
- recover_after_time: ${RECOVER_AFTER_TIME}
-
-io.fabric8.elasticsearch.authentication.users: ["system.logging.kibana", "system.logging.fluentd", "system.logging.curator", "system.admin"]
-io.fabric8.elasticsearch.kibana.mapping.app: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json
-io.fabric8.elasticsearch.kibana.mapping.ops: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json
-
-openshift.config:
- use_common_data_model: true
- project_index_prefix: "project"
- time_field_name: "@timestamp"
-
-openshift.searchguard:
- keystore.path: /etc/elasticsearch/secret/admin.jks
- truststore.path: /etc/elasticsearch/secret/searchguard.truststore
-
-openshift.operations.allow_cluster_reader: {{allow_cluster_reader | default (false)}}
-
-path:
- data: /elasticsearch/persistent/${CLUSTER_NAME}/data
- logs: /elasticsearch/${CLUSTER_NAME}/logs
- work: /elasticsearch/${CLUSTER_NAME}/work
- scripts: /elasticsearch/${CLUSTER_NAME}/scripts
-
-searchguard:
- authcz.admin_dn:
- - CN=system.admin,OU=OpenShift,O=Logging
- config_index_name: ".searchguard.${HOSTNAME}"
- ssl:
- transport:
- enabled: true
- enforce_hostname_verification: false
- keystore_type: JKS
- keystore_filepath: /etc/elasticsearch/secret/searchguard.key
- keystore_password: kspass
- truststore_type: JKS
- truststore_filepath: /etc/elasticsearch/secret/searchguard.truststore
- truststore_password: tspass
- http:
- enabled: true
- keystore_type: JKS
- keystore_filepath: /etc/elasticsearch/secret/key
- keystore_password: kspass
- clientauth_mode: OPTIONAL
- truststore_type: JKS
- truststore_filepath: /etc/elasticsearch/secret/truststore
- truststore_password: tspass
diff --git a/roles/openshift_logging/templates/es-storage-emptydir.partial b/roles/openshift_logging/templates/es-storage-emptydir.partial
deleted file mode 100644
index ccd01a816..000000000
--- a/roles/openshift_logging/templates/es-storage-emptydir.partial
+++ /dev/null
@@ -1 +0,0 @@
- emptyDir: {}
diff --git a/roles/openshift_logging/templates/es-storage-hostpath.partial b/roles/openshift_logging/templates/es-storage-hostpath.partial
deleted file mode 100644
index 07ddad9ba..000000000
--- a/roles/openshift_logging/templates/es-storage-hostpath.partial
+++ /dev/null
@@ -1,2 +0,0 @@
- hostPath:
- path: {{es_storage['path']}}
diff --git a/roles/openshift_logging/templates/es-storage-pvc.partial b/roles/openshift_logging/templates/es-storage-pvc.partial
deleted file mode 100644
index fcbff68de..000000000
--- a/roles/openshift_logging/templates/es-storage-pvc.partial
+++ /dev/null
@@ -1,2 +0,0 @@
- persistentVolumeClaim:
- claimName: {{es_storage['pvc_claim']}}
diff --git a/roles/openshift_logging/templates/es.j2 b/roles/openshift_logging/templates/es.j2
deleted file mode 100644
index 680c16cf4..000000000
--- a/roles/openshift_logging/templates/es.j2
+++ /dev/null
@@ -1,110 +0,0 @@
-apiVersion: "v1"
-kind: "DeploymentConfig"
-metadata:
- name: "{{deploy_name}}"
- labels:
- provider: openshift
- component: "{{component}}"
- deployment: "{{deploy_name}}"
- logging-infra: "{{logging_component}}"
-spec:
- replicas: {{replicas|default(0)}}
- selector:
- provider: openshift
- component: "{{component}}"
- deployment: "{{deploy_name}}"
- logging-infra: "{{logging_component}}"
- strategy:
- type: Recreate
- template:
- metadata:
- name: "{{deploy_name}}"
- labels:
- logging-infra: "{{logging_component}}"
- provider: openshift
- component: "{{component}}"
- deployment: "{{deploy_name}}"
- spec:
- terminationGracePeriod: 600
- serviceAccountName: aggregated-logging-elasticsearch
- securityContext:
- supplementalGroups:
- - {{openshift_logging_es_storage_group}}
-{% if es_node_selector is iterable and es_node_selector | length > 0 %}
- nodeSelector:
-{% for key, value in es_node_selector.iteritems() %}
- {{key}}: "{{value}}"
-{% endfor %}
-{% endif %}
- containers:
- -
- name: "elasticsearch"
- image: {{image}}
- imagePullPolicy: Always
- resources:
- limits:
- memory: "{{es_memory_limit}}"
-{% if es_cpu_limit is defined and es_cpu_limit is not none %}
- cpu: "{{es_cpu_limit}}"
-{% endif %}
- requests:
- memory: "512Mi"
- ports:
- -
- containerPort: 9200
- name: "restapi"
- -
- containerPort: 9300
- name: "cluster"
- env:
- -
- name: "NAMESPACE"
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- -
- name: "KUBERNETES_TRUST_CERT"
- value: "true"
- -
- name: "SERVICE_DNS"
- value: "logging-{{es_cluster_name}}-cluster"
- -
- name: "CLUSTER_NAME"
- value: "logging-{{es_cluster_name}}"
- -
- name: "INSTANCE_RAM"
- value: "{{openshift_logging_es_memory_limit}}"
- -
- name: "NODE_QUORUM"
- value: "{{es_node_quorum | int}}"
- -
- name: "RECOVER_EXPECTED_NODES"
- value: "{{es_recover_expected_nodes}}"
- -
- name: "RECOVER_AFTER_TIME"
- value: "{{openshift_logging_es_recover_after_time}}"
- volumeMounts:
- - name: elasticsearch
- mountPath: /etc/elasticsearch/secret
- readOnly: true
- - name: elasticsearch-config
- mountPath: /usr/share/java/elasticsearch/config
- readOnly: true
- - name: elasticsearch-storage
- mountPath: /elasticsearch/persistent
- readinessProbe:
- exec:
- command:
- - "/usr/share/elasticsearch/probe/readiness.sh"
- initialDelaySeconds: 5
- timeoutSeconds: 4
- periodSeconds: 5
- volumes:
- - name: elasticsearch
- secret:
- secretName: logging-elasticsearch
- - name: elasticsearch-config
- configMap:
- name: logging-elasticsearch
- - name: elasticsearch-storage
-{% include 'es-storage-'+ es_storage['kind'] + '.partial' %}
diff --git a/roles/openshift_logging/templates/fluentd.j2 b/roles/openshift_logging/templates/fluentd.j2
deleted file mode 100644
index 5c93d823e..000000000
--- a/roles/openshift_logging/templates/fluentd.j2
+++ /dev/null
@@ -1,167 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: "DaemonSet"
-metadata:
- name: "{{daemonset_name}}"
- labels:
- provider: openshift
- component: "{{daemonset_component}}"
- logging-infra: "{{daemonset_component}}"
-spec:
- selector:
- matchLabels:
- provider: openshift
- component: "{{daemonset_component}}"
- updateStrategy:
- type: RollingUpdate
- rollingUpdate:
- minReadySeconds: 600
- template:
- metadata:
- name: "{{daemonset_container_name}}"
- labels:
- logging-infra: "{{daemonset_component}}"
- provider: openshift
- component: "{{daemonset_component}}"
- spec:
- serviceAccountName: "{{daemonset_serviceAccount}}"
- nodeSelector:
- {{fluentd_nodeselector_key}}: "{{fluentd_nodeselector_value}}"
- containers:
- - name: "{{daemonset_container_name}}"
- image: "{{openshift_logging_image_prefix}}{{daemonset_name}}:{{openshift_logging_image_version}}"
- imagePullPolicy: Always
- securityContext:
- privileged: true
- resources:
- limits:
- cpu: {{openshift_logging_fluentd_cpu_limit}}
- memory: {{openshift_logging_fluentd_memory_limit}}
- volumeMounts:
- - name: runlogjournal
- mountPath: /run/log/journal
- - name: varlog
- mountPath: /var/log
- - name: varlibdockercontainers
- mountPath: /var/lib/docker/containers
- readOnly: true
- - name: config
- mountPath: /etc/fluent/configs.d/user
- readOnly: true
- - name: certs
- mountPath: /etc/fluent/keys
- readOnly: true
- - name: dockerhostname
- mountPath: /etc/docker-hostname
- readOnly: true
- - name: localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: dockercfg
- mountPath: /etc/sysconfig/docker
- readOnly: true
- - name: dockerdaemoncfg
- mountPath: /etc/docker
- readOnly: true
-{% if openshift_logging_use_mux_client | bool %}
- - name: muxcerts
- mountPath: /etc/fluent/muxkeys
- readOnly: true
-{% endif %}
- env:
- - name: "K8S_HOST_URL"
- value: "{{openshift_logging_master_url}}"
- - name: "ES_HOST"
- value: "{{openshift_logging_es_host}}"
- - name: "ES_PORT"
- value: "{{openshift_logging_es_port}}"
- - name: "ES_CLIENT_CERT"
- value: "{{openshift_logging_es_client_cert}}"
- - name: "ES_CLIENT_KEY"
- value: "{{openshift_logging_es_client_key}}"
- - name: "ES_CA"
- value: "{{openshift_logging_es_ca}}"
- - name: "OPS_HOST"
- value: "{{ops_host}}"
- - name: "OPS_PORT"
- value: "{{ops_port}}"
- - name: "OPS_CLIENT_CERT"
- value: "{{openshift_logging_es_ops_client_cert}}"
- - name: "OPS_CLIENT_KEY"
- value: "{{openshift_logging_es_ops_client_key}}"
- - name: "OPS_CA"
- value: "{{openshift_logging_es_ops_ca}}"
- - name: "ES_COPY"
- value: "{{openshift_logging_fluentd_es_copy|lower}}"
- - name: "ES_COPY_HOST"
- value: "{{es_copy_host | default('')}}"
- - name: "ES_COPY_PORT"
- value: "{{es_copy_port | default('')}}"
- - name: "ES_COPY_SCHEME"
- value: "{{es_copy_scheme | default('https')}}"
- - name: "ES_COPY_CLIENT_CERT"
- value: "{{es_copy_client_cert | default('')}}"
- - name: "ES_COPY_CLIENT_KEY"
- value: "{{es_copy_client_key | default('')}}"
- - name: "ES_COPY_CA"
- value: "{{es_copy_ca | default('')}}"
- - name: "ES_COPY_USERNAME"
- value: "{{es_copy_username | default('')}}"
- - name: "ES_COPY_PASSWORD"
- value: "{{es_copy_password | default('')}}"
- - name: "OPS_COPY_HOST"
- value: "{{ops_copy_host | default('')}}"
- - name: "OPS_COPY_PORT"
- value: "{{ops_copy_port | default('')}}"
- - name: "OPS_COPY_SCHEME"
- value: "{{ops_copy_scheme | default('https')}}"
- - name: "OPS_COPY_CLIENT_CERT"
- value: "{{ops_copy_client_cert | default('')}}"
- - name: "OPS_COPY_CLIENT_KEY"
- value: "{{ops_copy_client_key | default('')}}"
- - name: "OPS_COPY_CA"
- value: "{{ops_copy_ca | default('')}}"
- - name: "OPS_COPY_USERNAME"
- value: "{{ops_copy_username | default('')}}"
- - name: "OPS_COPY_PASSWORD"
- value: "{{ops_copy_password | default('')}}"
- - name: "USE_JOURNAL"
- value: "{{openshift_logging_fluentd_use_journal|lower}}"
- - name: "JOURNAL_SOURCE"
- value: "{{openshift_logging_fluentd_journal_source | default('')}}"
- - name: "JOURNAL_READ_FROM_HEAD"
- value: "{{openshift_logging_fluentd_journal_read_from_head|lower}}"
- - name: "USE_MUX_CLIENT"
- value: "{{openshift_logging_use_mux_client| default('false')}}"
- volumes:
- - name: runlogjournal
- hostPath:
- path: /run/log/journal
- - name: varlog
- hostPath:
- path: /var/log
- - name: varlibdockercontainers
- hostPath:
- path: /var/lib/docker/containers
- - name: config
- configMap:
- name: logging-fluentd
- - name: certs
- secret:
- secretName: logging-fluentd
- - name: dockerhostname
- hostPath:
- path: /etc/hostname
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: dockercfg
- hostPath:
- path: /etc/sysconfig/docker
- - name: dockerdaemoncfg
- hostPath:
- path: /etc/docker
-{% if openshift_logging_use_mux_client | bool %}
- - name: muxcerts
- secret:
- secretName: logging-mux
-{% endif %}
diff --git a/roles/openshift_logging/templates/kibana.j2 b/roles/openshift_logging/templates/kibana.j2
deleted file mode 100644
index 25fab9ac4..000000000
--- a/roles/openshift_logging/templates/kibana.j2
+++ /dev/null
@@ -1,139 +0,0 @@
-apiVersion: "v1"
-kind: "DeploymentConfig"
-metadata:
- name: "{{deploy_name}}"
- labels:
- provider: openshift
- component: "{{component}}"
- logging-infra: "{{logging_component}}"
-spec:
- replicas: {{replicas|default(0)}}
- selector:
- provider: openshift
- component: "{{component}}"
- logging-infra: "{{logging_component}}"
- strategy:
- rollingParams:
- intervalSeconds: 1
- timeoutSeconds: 600
- updatePeriodSeconds: 1
- type: Rolling
- template:
- metadata:
- name: "{{deploy_name}}"
- labels:
- logging-infra: "{{logging_component}}"
- provider: openshift
- component: "{{component}}"
- spec:
- serviceAccountName: aggregated-logging-kibana
-{% if kibana_node_selector is iterable and kibana_node_selector | length > 0 %}
- nodeSelector:
-{% for key, value in kibana_node_selector.iteritems() %}
- {{key}}: "{{value}}"
-{% endfor %}
-{% endif %}
- containers:
- -
- name: "kibana"
- image: {{image}}
- imagePullPolicy: Always
-{% if (kibana_memory_limit is defined and kibana_memory_limit is not none) or (kibana_cpu_limit is defined and kibana_cpu_limit is not none) %}
- resources:
- limits:
-{% if kibana_cpu_limit is not none %}
- cpu: "{{kibana_cpu_limit}}"
-{% endif %}
- memory: "{{kibana_memory_limit | default('736Mi') }}"
-{% endif %}
- env:
- - name: "ES_HOST"
- value: "{{es_host}}"
- - name: "ES_PORT"
- value: "{{es_port}}"
- -
- name: "KIBANA_MEMORY_LIMIT"
- valueFrom:
- resourceFieldRef:
- containerName: kibana
- resource: limits.memory
- volumeMounts:
- - name: kibana
- mountPath: /etc/kibana/keys
- readOnly: true
- -
- name: "kibana-proxy"
- image: {{proxy_image}}
- imagePullPolicy: Always
-{% if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none) or (kibana_proxy_cpu_limit is defined and kibana_proxy_cpu_limit is not none) %}
- resources:
- limits:
-{% if kibana_proxy_cpu_limit is not none %}
- cpu: "{{kibana_proxy_cpu_limit}}"
-{% endif %}
- memory: "{{kibana_proxy_memory_limit | default('96Mi') }}"
-{% endif %}
- ports:
- -
- name: "oaproxy"
- containerPort: 3000
- env:
- -
- name: "OAP_BACKEND_URL"
- value: "http://localhost:5601"
- -
- name: "OAP_AUTH_MODE"
- value: "oauth2"
- -
- name: "OAP_TRANSFORM"
- value: "user_header,token_header"
- -
- name: "OAP_OAUTH_ID"
- value: kibana-proxy
- -
- name: "OAP_MASTER_URL"
- value: {{openshift_logging_master_url}}
- -
- name: "OAP_PUBLIC_MASTER_URL"
- value: {{openshift_logging_master_public_url}}
- -
- name: "OAP_LOGOUT_REDIRECT"
- value: {{openshift_logging_master_public_url}}/console/logout
- -
- name: "OAP_MASTER_CA_FILE"
- value: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
- -
- name: "OAP_DEBUG"
- value: "{{openshift_logging_kibana_proxy_debug}}"
- -
- name: "OAP_OAUTH_SECRET_FILE"
- value: "/secret/oauth-secret"
- -
- name: "OAP_SERVER_CERT_FILE"
- value: "/secret/server-cert"
- -
- name: "OAP_SERVER_KEY_FILE"
- value: "/secret/server-key"
- -
- name: "OAP_SERVER_TLS_FILE"
- value: "/secret/server-tls.json"
- -
- name: "OAP_SESSION_SECRET_FILE"
- value: "/secret/session-secret"
- -
- name: "OCP_AUTH_PROXY_MEMORY_LIMIT"
- valueFrom:
- resourceFieldRef:
- containerName: kibana-proxy
- resource: limits.memory
- volumeMounts:
- - name: kibana-proxy
- mountPath: /secret
- readOnly: true
- volumes:
- - name: kibana
- secret:
- secretName: logging-kibana
- - name: kibana-proxy
- secret:
- secretName: logging-kibana-proxy
diff --git a/roles/openshift_logging/templates/mux.j2 b/roles/openshift_logging/templates/mux.j2
deleted file mode 100644
index 41e6abd52..000000000
--- a/roles/openshift_logging/templates/mux.j2
+++ /dev/null
@@ -1,121 +0,0 @@
-apiVersion: "v1"
-kind: "DeploymentConfig"
-metadata:
- name: "{{deploy_name}}"
- labels:
- provider: openshift
- component: "{{component}}"
- logging-infra: "{{logging_component}}"
-spec:
- replicas: {{replicas|default(0)}}
- selector:
- provider: openshift
- component: "{{component}}"
- logging-infra: "{{logging_component}}"
- strategy:
- rollingParams:
- intervalSeconds: 1
- timeoutSeconds: 600
- updatePeriodSeconds: 1
- type: Rolling
- template:
- metadata:
- name: "{{deploy_name}}"
- labels:
- logging-infra: "{{logging_component}}"
- provider: openshift
- component: "{{component}}"
- spec:
- serviceAccountName: aggregated-logging-fluentd
-{% if mux_node_selector is iterable and mux_node_selector | length > 0 %}
- nodeSelector:
-{% for key, value in mux_node_selector.iteritems() %}
- {{key}}: "{{value}}"
-{% endfor %}
-{% endif %}
- containers:
- - name: "mux"
- image: {{image}}
- imagePullPolicy: Always
-{% if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_limit is defined and mux_cpu_limit is not none) %}
- resources:
- limits:
-{% if mux_cpu_limit is not none %}
- cpu: "{{mux_cpu_limit}}"
-{% endif %}
-{% if mux_memory_limit is not none %}
- memory: "{{mux_memory_limit}}"
-{% endif %}
-{% endif %}
- ports:
- - containerPort: "{{ openshift_logging_mux_port }}"
- name: mux-forward
- volumeMounts:
- - name: config
- mountPath: /etc/fluent/configs.d/user
- readOnly: true
- - name: certs
- mountPath: /etc/fluent/keys
- readOnly: true
- - name: dockerhostname
- mountPath: /etc/docker-hostname
- readOnly: true
- - name: localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: muxcerts
- mountPath: /etc/fluent/muxkeys
- readOnly: true
- env:
- - name: "K8S_HOST_URL"
- value: "{{openshift_logging_master_url}}"
- - name: "ES_HOST"
- value: "{{openshift_logging_es_host}}"
- - name: "ES_PORT"
- value: "{{openshift_logging_es_port}}"
- - name: "ES_CLIENT_CERT"
- value: "{{openshift_logging_es_client_cert}}"
- - name: "ES_CLIENT_KEY"
- value: "{{openshift_logging_es_client_key}}"
- - name: "ES_CA"
- value: "{{openshift_logging_es_ca}}"
- - name: "OPS_HOST"
- value: "{{ops_host}}"
- - name: "OPS_PORT"
- value: "{{ops_port}}"
- - name: "OPS_CLIENT_CERT"
- value: "{{openshift_logging_es_ops_client_cert}}"
- - name: "OPS_CLIENT_KEY"
- value: "{{openshift_logging_es_ops_client_key}}"
- - name: "OPS_CA"
- value: "{{openshift_logging_es_ops_ca}}"
- - name: "USE_JOURNAL"
- value: "false"
- - name: "JOURNAL_SOURCE"
- value: "{{openshift_logging_fluentd_journal_source | default('')}}"
- - name: "JOURNAL_READ_FROM_HEAD"
- value: "{{openshift_logging_fluentd_journal_read_from_head|lower}}"
- - name: FORWARD_LISTEN_HOST
- value: "{{ openshift_logging_mux_hostname }}"
- - name: FORWARD_LISTEN_PORT
- value: "{{ openshift_logging_mux_port }}"
- - name: USE_MUX
- value: "true"
- - name: MUX_ALLOW_EXTERNAL
- value: "{{ openshift_logging_mux_allow_external| default('false') }}"
- volumes:
- - name: config
- configMap:
- name: logging-mux
- - name: certs
- secret:
- secretName: logging-fluentd
- - name: dockerhostname
- hostPath:
- path: /etc/hostname
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: muxcerts
- secret:
- secretName: logging-mux
diff --git a/roles/openshift_logging/templates/oauth-client.j2 b/roles/openshift_logging/templates/oauth-client.j2
deleted file mode 100644
index 41d3123cb..000000000
--- a/roles/openshift_logging/templates/oauth-client.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: OAuthClient
-metadata:
- name: kibana-proxy
- labels:
- logging-infra: support
-secret: {{secret}}
-redirectURIs:
-- https://{{openshift_logging_kibana_hostname}}
-- https://{{openshift_logging_kibana_ops_hostname}}
-scopeRestrictions:
-- literals:
- - user:info
- - user:check-access
- - user:list-projects
diff --git a/roles/openshift_logging/templates/pvc.j2 b/roles/openshift_logging/templates/pvc.j2
deleted file mode 100644
index 07d81afff..000000000
--- a/roles/openshift_logging/templates/pvc.j2
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: "{{obj_name}}"
- labels:
- logging-infra: support
-{% if annotations is defined %}
- annotations:
-{% for key,value in annotations.iteritems() %}
- {{key}}: {{value}}
-{% endfor %}
-{% endif %}
-spec:
-{% if pv_selector is defined and pv_selector is mapping %}
- selector:
- matchLabels:
-{% for key,value in pv_selector.iteritems() %}
- {{key}}: {{value}}
-{% endfor %}
-{% endif %}
- accessModes:
-{% for mode in access_modes %}
- - {{ mode }}
-{% endfor %}
- resources:
- requests:
- storage: {{size}}
diff --git a/roles/openshift_logging/templates/rolebinding.j2 b/roles/openshift_logging/templates/rolebinding.j2
deleted file mode 100644
index fcd4e87cc..000000000
--- a/roles/openshift_logging/templates/rolebinding.j2
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: RoleBinding
-metadata:
- name: {{obj_name}}
-roleRef:
-{% if roleRef.kind is defined %}
- kind: {{ roleRef.kind }}
-{% endif %}
- name: {{ roleRef.name }}
-subjects:
-{% for sub in subjects %}
- - kind: {{ sub.kind }}
- name: {{ sub.name }}
-{% endfor %}
diff --git a/roles/openshift_logging/templates/route_reencrypt.j2 b/roles/openshift_logging/templates/route_reencrypt.j2
deleted file mode 100644
index cf8a9e65f..000000000
--- a/roles/openshift_logging/templates/route_reencrypt.j2
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: "v1"
-kind: "Route"
-metadata:
- name: "{{obj_name}}"
-{% if labels is defined%}
- labels:
-{% for key, value in labels.iteritems() %}
- {{key}}: {{value}}
-{% endfor %}
-{% endif %}
-spec:
- host: {{ route_host }}
- tls:
-{% if tls_key is defined and tls_key | length > 0 %}
- key: |
-{{ tls_key|indent(6, true) }}
-{% if tls_cert is defined and tls_cert | length > 0 %}
- certificate: |
-{{ tls_cert|indent(6, true) }}
-{% endif %}
-{% endif %}
- caCertificate: |
-{% for line in tls_ca_cert.split('\n') %}
- {{ line }}
-{% endfor %}
- destinationCACertificate: |
-{% for line in tls_dest_ca_cert.split('\n') %}
- {{ line }}
-{% endfor %}
- termination: reencrypt
-{% if edge_term_policy is defined and edge_term_policy | length > 0 %}
- insecureEdgeTerminationPolicy: {{ edge_term_policy }}
-{% endif %}
- to:
- kind: Service
- name: {{ service_name }}
diff --git a/roles/openshift_logging/templates/secret.j2 b/roles/openshift_logging/templates/secret.j2
deleted file mode 100644
index eba4197da..000000000
--- a/roles/openshift_logging/templates/secret.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: "{{secret_name}}"
-type: Opaque
-data:
-{% for s in secrets %}
- "{{s.key}}" : "{{s.value | b64encode}}"
-{% endfor %}
diff --git a/roles/openshift_logging/templates/service.j2 b/roles/openshift_logging/templates/service.j2
deleted file mode 100644
index 70644a39c..000000000
--- a/roles/openshift_logging/templates/service.j2
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: "v1"
-kind: "Service"
-metadata:
- name: "{{obj_name}}"
-{% if labels is defined%}
- labels:
-{% for key, value in labels.iteritems() %}
- {{key}}: {{value}}
-{% endfor %}
-{% endif %}
-spec:
- ports:
-{% for port in ports %}
- -
-{% for key, value in port.iteritems() %}
- {{key}}: {{value}}
-{% endfor %}
-{% if port.targetPort is undefined %}
- clusterIP: "None"
-{% endif %}
-{% endfor %}
-{% if service_targetPort is defined %}
- targetPort: {{service_targetPort}}
-{% endif %}
- selector:
- {% for key, value in selector.iteritems() %}
- {{key}}: {{value}}
- {% endfor %}
-{% if externalIPs is defined -%}
- externalIPs:
-{% for ip in externalIPs %}
- - {{ ip }}
-{% endfor %}
-{% endif %}
diff --git a/roles/openshift_logging/templates/serviceaccount.j2 b/roles/openshift_logging/templates/serviceaccount.j2
deleted file mode 100644
index b22acc594..000000000
--- a/roles/openshift_logging/templates/serviceaccount.j2
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{obj_name}}
-{% if labels is defined%}
- labels:
-{% for key, value in labels.iteritems() %}
- {{key}}: {{value}}
-{% endfor %}
-{% endif %}
-{% if secrets is defined %}
-secrets:
-{% for name in secrets %}
-- name: {{ name }}
-{% endfor %}
-{% endif %}
generated by cgit v1.2.1 (git 2.18.0) at 2024-04-25 10:55:41 +0000