roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342

apiVersion: "v1"
kind: "List"
items:
-
  apiVersion: "v1"
  kind: "Template"
  metadata:
    name: logging-deployer-account-template
    annotations:
      description: "Template for creating the deployer account and roles needed for the aggregated logging deployer. Create as cluster-admin."
      tags: "infrastructure"
  objects:
  -
    apiVersion: v1
    kind: ServiceAccount
    name: logging-deployer
    metadata:
      name: logging-deployer
      labels:
        logging-infra: deployer
        provider: openshift
        component: deployer
  -
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: aggregated-logging-kibana
  -
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: aggregated-logging-elasticsearch
  -
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: aggregated-logging-fluentd
  -
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: aggregated-logging-curator
  - apiVersion: v1
    kind: ClusterRole
    metadata:
      name: oauth-editor
    rules:
    - resources:
      - oauthclients
      verbs:
      - create
      - delete
  - apiVersion: v1
    kind: ClusterRole
    metadata:
      name: daemonset-admin
    rules:
    - resources:
      - daemonsets
      apiGroups:
      - extensions
      verbs:
      - create
      - get
      - list
      - watch
      - delete
      - update
  - apiVersion: v1
    kind: ClusterRole
    metadata:
      name: rolebinding-reader
    rules:
    - resources:
      - clusterrolebindings
      verbs:
      - get
  -
    apiVersion: v1
    kind: RoleBinding
    metadata:
      name: logging-deployer-edit-role
    roleRef:
      name: edit
    subjects:
    - kind: ServiceAccount
      name: logging-deployer
  -
    apiVersion: v1
    kind: RoleBinding
    metadata:
      name: logging-deployer-dsadmin-role
    roleRef:
      name: daemonset-admin
    subjects:
    - kind: ServiceAccount
      name: logging-deployer
  -
    apiVersion: v1
    kind: RoleBinding
    metadata:
      name: logging-elasticsearch-view-role
    roleRef:
      name: view
    subjects:
    - kind: ServiceAccount
      name: aggregated-logging-elasticsearch
-
  apiVersion: "v1"
  kind: "Template"
  metadata:
    name: logging-deployer-template
    annotations:
      description: "Template for running the aggregated logging deployer in a pod. Requires empowered 'logging-deployer' service account."
      tags: "infrastructure"
  labels:
    logging-infra: deployer
    provider: openshift
  objects:
  -
    apiVersion: v1
    kind: Pod
    metadata:
      generateName: logging-deployer-
    spec:
      containers:
      - image: ${IMAGE_PREFIX}logging-deployer:${IMAGE_VERSION}
        imagePullPolicy: Always
        name: deployer
        volumeMounts:
        - name: empty
          mountPath: /etc/deploy
        env:
          - name: PROJECT
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: IMAGE_PREFIX
            value: ${IMAGE_PREFIX}
          - name: IMAGE_VERSION
            value: ${IMAGE_VERSION}
          - name: IMAGE_PULL_SECRET
            value: ${IMAGE_PULL_SECRET}
          - name: INSECURE_REGISTRY
            value: ${INSECURE_REGISTRY}
          - name: ENABLE_OPS_CLUSTER
            value: ${ENABLE_OPS_CLUSTER}
          - name: KIBANA_HOSTNAME
            value: ${KIBANA_HOSTNAME}
          - name: KIBANA_OPS_HOSTNAME
            value: ${KIBANA_OPS_HOSTNAME}
          - name: PUBLIC_MASTER_URL
            value: ${PUBLIC_MASTER_URL}
          - name: MASTER_URL
            value: ${MASTER_URL}
          - name: ES_INSTANCE_RAM
            value: ${ES_INSTANCE_RAM}
          - name: ES_PVC_SIZE
            value: ${ES_PVC_SIZE}
          - name: ES_PVC_PREFIX
            value: ${ES_PVC_PREFIX}
          - name: ES_PVC_DYNAMIC
            value: ${ES_PVC_DYNAMIC}
          - name: ES_CLUSTER_SIZE
            value: ${ES_CLUSTER_SIZE}
          - name: ES_NODE_QUORUM
            value: ${ES_NODE_QUORUM}
          - name: ES_RECOVER_AFTER_NODES
            value: ${ES_RECOVER_AFTER_NODES}
          - name: ES_RECOVER_EXPECTED_NODES
            value: ${ES_RECOVER_EXPECTED_NODES}
          - name: ES_RECOVER_AFTER_TIME
            value: ${ES_RECOVER_AFTER_TIME}
          - name: ES_OPS_INSTANCE_RAM
            value: ${ES_OPS_INSTANCE_RAM}
          - name: ES_OPS_PVC_SIZE
            value: ${ES_OPS_PVC_SIZE}
          - name: ES_OPS_PVC_PREFIX
            value: ${ES_OPS_PVC_PREFIX}
          - name: ES_OPS_PVC_DYNAMIC
            value: ${ES_OPS_PVC_DYNAMIC}
          - name: ES_OPS_CLUSTER_SIZE
            value: ${ES_OPS_CLUSTER_SIZE}
          - name: ES_OPS_NODE_QUORUM
            value: ${ES_OPS_NODE_QUORUM}
          - name: ES_OPS_RECOVER_AFTER_NODES
            value: ${ES_OPS_RECOVER_AFTER_NODES}
          - name: ES_OPS_RECOVER_EXPECTED_NODES
            value: ${ES_OPS_RECOVER_EXPECTED_NODES}
          - name: ES_OPS_RECOVER_AFTER_TIME
            value: ${ES_OPS_RECOVER_AFTER_TIME}
          - name: FLUENTD_NODESELECTOR
            value: ${FLUENTD_NODESELECTOR}
          - name: ES_NODESELECTOR
            value: ${ES_NODESELECTOR}
          - name: ES_OPS_NODESELECTOR
            value: ${ES_OPS_NODESELECTOR}
          - name: KIBANA_NODESELECTOR
            value: ${KIBANA_NODESELECTOR}
          - name: KIBANA_OPS_NODESELECTOR
            value: ${KIBANA_OPS_NODESELECTOR}
          - name: CURATOR_NODESELECTOR
            value: ${CURATOR_NODESELECTOR}
          - name: CURATOR_OPS_NODESELECTOR
            value: ${CURATOR_OPS_NODESELECTOR}
          - name: MODE
            value: ${MODE}
      dnsPolicy: ClusterFirst
      restartPolicy: Never
      serviceAccount: logging-deployer
      volumes:
      - name: empty
        emptyDir: {}
  parameters:
  -
    description: "The mode that the deployer runs in."
    name: MODE
    value: "install"
  -
    description: 'Specify prefix for logging components; e.g. for "registry.access.redhat.com/openshift3/logging-deployer:3.4.0", set prefix "registry.access.redhat.com/openshift3/"'
    name: IMAGE_PREFIX
    value: "registry.access.redhat.com/openshift3/"
  -
    description: 'Specify version for logging components; e.g. for "registry.access.redhat.com/openshift3/logging-deployer:3.4.0", set version "3.4.0"'
    name: IMAGE_VERSION
    value: "v3.4"
  -
    description: "(Deprecated) Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry."
    name: IMAGE_PULL_SECRET
  -
    description: "(Deprecated) Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)"
    name: INSECURE_REGISTRY
    value: "false"
  -
    description: "(Deprecated) If true, set up to use a second ES cluster for ops logs."
    name: ENABLE_OPS_CLUSTER
    value: "false"
  -
    description: "(Deprecated) External hostname where clients will reach kibana"
    name: KIBANA_HOSTNAME
    value: "kibana.example.com"
  -
    description: "(Deprecated) External hostname at which admins will visit the ops Kibana."
    name: KIBANA_OPS_HOSTNAME
    value: kibana-ops.example.com
  -
    description: "(Deprecated) External URL for the master, for OAuth purposes"
    name: PUBLIC_MASTER_URL
    value: "https://localhost:8443"
  -
    description: "(Deprecated) Internal URL for the master, for authentication retrieval"
    name: MASTER_URL
    value: "https://kubernetes.default.svc.cluster.local"
  -
    description: "(Deprecated) How many instances of ElasticSearch to deploy."
    name: ES_CLUSTER_SIZE
    value: "1"
  -
    description: "(Deprecated) Amount of RAM to reserve per ElasticSearch instance."
    name: ES_INSTANCE_RAM
    value: "8G"
  -
    description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead."
    name: ES_PVC_SIZE
  -
    description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_PVC_SIZE."
    name: ES_PVC_PREFIX
    value: "logging-es-"
  -
    description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES PVC. '
    name: ES_PVC_DYNAMIC
  -
    description: "(Deprecated) Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1."
    name: ES_NODE_QUORUM
  -
    description: "(Deprecated) Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE."
    name: ES_RECOVER_AFTER_NODES
  -
    description: "(Deprecated) Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE."
    name: ES_RECOVER_EXPECTED_NODES
  -
    description: "(Deprecated) Timeout for *expected* nodes to be present when cluster is recovering from a full restart."
    name: ES_RECOVER_AFTER_TIME
    value: "5m"
  -
    description: "(Deprecated) How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE."
    name: ES_OPS_CLUSTER_SIZE
  -
    description: "(Deprecated) Amount of RAM to reserve per ops ElasticSearch instance."
    name: ES_OPS_INSTANCE_RAM
    value: "8G"
  -
    description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead."
    name: ES_OPS_PVC_SIZE
  -
    description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_OPS_PVC_SIZE."
    name: ES_OPS_PVC_PREFIX
    value: "logging-es-ops-"
  -
    description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES ops PVC. '
    name: ES_OPS_PVC_DYNAMIC
  -
    description: "(Deprecated) Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1."
    name: ES_OPS_NODE_QUORUM
  -
    description: "(Deprecated) Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE."
    name: ES_OPS_RECOVER_AFTER_NODES
  -
    description: "(Deprecated) Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE."
    name: ES_OPS_RECOVER_EXPECTED_NODES
  -
    description: "(Deprecated) Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart."
    name: ES_OPS_RECOVER_AFTER_TIME
    value: "5m"
  -
    description: "(Deprecated) The nodeSelector used for the Fluentd DaemonSet."
    name: FLUENTD_NODESELECTOR
    value: "logging-infra-fluentd=true"
  -
    description: "(Deprecated) Node selector Elasticsearch cluster (label=value)."
    name: ES_NODESELECTOR
    value: ""
  -
    description: "(Deprecated) Node selector Elasticsearch operations cluster (label=value)."
    name: ES_OPS_NODESELECTOR
    value: ""
  -
    description: "(Deprecated) Node selector Kibana cluster (label=value)."
    name: KIBANA_NODESELECTOR
    value: ""
  -
    description: "(Deprecated) Node selector Kibana operations cluster (label=value)."
    name: KIBANA_OPS_NODESELECTOR
    value: ""
  -
    description: "(Deprecated) Node selector Curator (label=value)."
    name: CURATOR_NODESELECTOR
    value: ""
  -
    description: "(Deprecated) Node selector operations Curator (label=value)."
    name: CURATOR_OPS_NODESELECTOR
    value: ""