feat(helm): add FluentBit DaemonSet (reanahub#827)
jlemesh committed Oct 17, 2024
1 parent 59ffdc9 commit 0ad506a
Showing 5 changed files with 236 additions and 0 deletions.
9 changes: 9 additions & 0 deletions helm/configurations/values-dev.yaml
Expand Up @@ -64,3 +64,12 @@ opensearch:
key: OPENSEARCH_INITIAL_ADMIN_PASSWORD
secretMounts: []
customSecurityConfig:

# FluentBit configuration for dev environment
fluent-bit:
enabled: true
outputConfig:
tls: "Off"
tlsCaFile: ""
extraVolumes: []
extraVolumeMounts: []
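Review bot: `tls: "Off"` in this dev override does nothing to prevent `httpPasswd` from being set alongside it, and the output templates in `values.yaml` emit `HTTP_User`/`HTTP_Passwd` whenever a password is present, so a dev deployment with a password would send the credentials to OpenSearch in cleartext. Suggest a comment on this block stating that it is meant for local clusters only and that `httpPasswd` must stay empty while TLS is off.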
4 changes: 4 additions & 0 deletions helm/reana/Chart.yaml
Expand Up @@ -39,3 +39,7 @@ dependencies:
version: 2.22.1
repository: https://opensearch-project.github.io/helm-charts/
condition: opensearch.enabled
- name: fluent-bit
version: 0.47.7
repository: https://fluent.github.io/helm-charts
condition: fluent-bit.enabled
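Review bot: the `fluent-bit` entry adds a dependency fetched from a remote repository at `version: 0.47.7`, but none of the five files changed in this commit is a `Chart.lock`. If the chart tracks a lock file, regenerate it with `helm dependency update` and commit it together with this change so that the recorded dependency set matches `Chart.yaml`.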
23 changes: 23 additions & 0 deletions helm/reana/README.md
Expand Up @@ -65,6 +65,29 @@ This Helm automatically prefixes all names using the release name to avoid colli
| `db_env_config.REANA_DB_PORT` | Environment variable to connect to external databases | "5432" |
| `debug.enabled` | Instantiate a [wdb](https://github.com/Kozea/wdb) remote debugger inside the cluster, accessible in port `31984` | false |
| `eos.enabled` | **[CERN only]** Enable EOS support inside the cluster | false |
| `fluent-bit.enabled` | Enable FluentBit | false |
| `fluent-bit.inputConfig.*` | Pass certain `tail` input [configuration parameters](https://docs.fluentbit.io/manual/pipeline/inputs/tail#config)| |
| `fluent-bit.inputConfig.refreshInterval` | `tail` input configuration parameter `Refresh_Interval` | 2 |
| `fluent-bit.inputConfig.rotateWait` | `tail` input configuration parameter `Rotate_Wait` | 5 |
| `fluent-bit.inputConfig.skipLongLines` | `tail` input configuration parameter `Skip_Long_Lines` | On |
| `fluent-bit.inputConfig.skipEmptyLines` | `tail` input configuration parameter `Skip_Empty_Lines` | On |
| `fluent-bit.filterConfig.*` | Pass certain `kubernetes` filter [configuration parameters](https://docs.fluentbit.io/manual/pipeline/filters/kubernetes#configuration-parameters)| |
| `fluent-bit.filterConfig.bufferSize` | `kubernetes` filter configuration parameter `Buffer_Size` | 512k |
| `fluent-bit.filterConfig.kubeUrl` | `kubernetes` filter configuration parameter `Kube_URL` | https://kubernetes.default.svc:443 |
| `fluent-bit.filterConfig.kubeCaFile` | `kubernetes` filter configuration parameter `Kube_CA_File` | /var/run/secrets/kubernetes.io/serviceaccount/ca.crt |
| `fluent-bit.filterConfig.kubeTokenFile` | `kubernetes` filter configuration parameter `Kube_Token_File` | /var/run/secrets/kubernetes.io/serviceaccount/token |
| `fluent-bit.outputConfig.*` | Pass certain `opensearch` output [configuration parameters](https://docs.fluentbit.io/manual/pipeline/outputs/opensearch#configuration-parameters)| |
| `fluent-bit.outputConfig.host` | `opensearch` output configuration parameter `Host` | reana-opensearch-master |
| `fluent-bit.outputConfig.httpUser` | `opensearch` output configuration parameter `HTTP_User` | fluentbit |
| `fluent-bit.outputConfig.httpPasswd` | `opensearch` output configuration parameter `HTTP_Passwd` | None |
| `fluent-bit.outputConfig.tls` | `opensearch` output configuration parameter `tls` | "On" |
| `fluent-bit.outputConfig.tlsVerify` | `opensearch` output configuration parameter `tls.verify` | "On" |
| `fluent-bit.outputConfig.tlsVerifyHostname` | `opensearch` output configuration parameter `tls.verify_hostname` | "Off" |
| `fluent-bit.outputConfig.tlsCaFile` | `opensearch` output configuration parameter `tls.ca_file` | /fluent-bit/etc/certs/ca.crt |
| `fluent-bit.outputConfig.tlsCrtFile` | `opensearch` output configuration parameter `tls.crt_file` | "" |
| `fluent-bit.outputConfig.tlsKeyFile` | `opensearch` output configuration parameter `tls.key_file` | "" |
| `fluent-bit.outputConfig.tlsKeyPassword` | `opensearch` output configuration parameter `tls.key_passwd` | "" |
| `fluent-bit.priority` | Priority class value for FluentBit pods | 1000000 |
| `fullnameOverride` | Name to override the `reana.prefix` | None |
| `infrastructure_storage` | Optional volume used by REANA's infrastructure (i.e. database and message broker). It has the same settings as `shared_storage` | {} |
| `ingress.annotations.traefik.ingress.kubernetes.io/router.entrypoints` | Entrypoints allowed by the ingress controller | "web,websecure" |
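Review bot: the `fluent-bit.outputConfig.tlsVerifyHostname` row documents the default as "Off", but `values.yaml` in this same commit sets `tlsVerifyHostname: "On"`; the table should say "On" so that nobody reads hostname verification as disabled by default. The `fluent-bit.outputConfig.host` row has the same kind of drift: it lists `reana-opensearch-master`, while `values.yaml` uses `reana-opensearch-master.default.svc.cluster.local`.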
11 changes: 11 additions & 0 deletions helm/reana/templates/priority-classes.yaml
@@ -0,0 +1,11 @@
{{- if index .Values "fluent-bit" "enabled" }}
---
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: {{ include "reana.prefix" . }}-fluent-bit-priority-class
value: {{ index .Values "fluent-bit" "priority" | default 1000000 }}
preemptionPolicy: Never
globalDefault: false
description: "PriorityClass for FluentBit DaemonSet pods. This priority class will not cause other pods to be preempted."
{{- end }}
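Review bot: the `name:` line builds the PriorityClass name from `{{ include "reana.prefix" . }}`, while `values.yaml` in this commit hardcodes `priorityClassName: "reana-fluent-bit-priority-class"`, so the two only match when the prefix resolves to `reana`. Under any other release name or `fullnameOverride` the DaemonSet would reference a PriorityClass that does not exist. Either document that `fluent-bit.priorityClassName` must be overridden to match the prefix, or derive both names from the same source.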
189 changes: 189 additions & 0 deletions helm/reana/values.yaml
Expand Up @@ -358,3 +358,192 @@ opensearch:
backend_roles:
- readall
and_backend_roles: []

# FluentBit chart values.yaml
fluent-bit:
enabled: false
inputConfig:
refreshInterval: 2
rotateWait: 5
skipLongLines: "On"
skipEmptyLines: "On"
filterConfig:
bufferSize: 512k
kubeUrl: https://kubernetes.default.svc:443
kubeCaFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
kubeTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
outputConfig:
host: reana-opensearch-master.default.svc.cluster.local
httpUser: fluentbit
httpPasswd:
tls: "On"
tlsVerify: "On"
tlsVerifyHostname: "On"
tlsCaFile: /fluent-bit/etc/certs/ca.crt
tlsCrtFile: ""
tlsKeyFile: ""
tlsKeyPassword: ""
## https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/configuration-file
config:
service: |
[SERVICE]
Daemon Off
Flush {{ .Values.flush }}
Log_Level {{ .Values.logLevel }}
Parsers_File /fluent-bit/etc/parsers.conf
Parsers_File /fluent-bit/etc/conf/custom_parsers.conf
HTTP_Server On
HTTP_Listen 0.0.0.0
HTTP_Port {{ .Values.metricsPort }}
Health_Check On
# ## https://docs.fluentbit.io/manual/pipeline/inputs
inputs: |
[INPUT]
Name tail
Path /var/log/containers/reana-run-job-*
multiline.parser docker, cri
Tag kube.*
Skip_Long_Lines {{ .Values.inputConfig.skipLongLines }}
Skip_Empty_Lines {{ .Values.inputConfig.skipEmptyLines }}
Refresh_Interval {{ .Values.inputConfig.refreshInterval }}
Rotate_Wait {{ .Values.inputConfig.rotateWait }}
[INPUT]
Name tail
Path /var/log/containers/reana-run-batch-*
multiline.parser docker, cri
Tag kube.*
Skip_Long_Lines {{ .Values.inputConfig.skipLongLines }}
Skip_Empty_Lines {{ .Values.inputConfig.skipEmptyLines }}
Refresh_Interval {{ .Values.inputConfig.refreshInterval }}
Rotate_Wait {{ .Values.inputConfig.rotateWait }}
## https://docs.fluentbit.io/manual/pipeline/filters
filters: |
[FILTER]
Name kubernetes
Buffer_Size {{ .Values.filterConfig.bufferSize }}
Match kube.*
Annotations Off
Kube_Tag_Prefix kube.var.log.containers.
Kube_URL {{ .Values.filterConfig.kubeUrl }}
Kube_CA_File {{ .Values.filterConfig.kubeCaFile }}
Kube_Token_File {{ .Values.filterConfig.kubeTokenFile }}
[FILTER]
Name parser
Match kube.var.log.containers.reana-run-batch-*job-controller*
Key_name log
Parser reana-capture
Reserve_Data On
Preserve_Key On
[FILTER]
Name grep
Match kube.var.log.containers.reana-run-batch-*job-controller*
Logical_Op or
Regex level ERROR
Regex level WARNING
[FILTER]
Name nest
Match kube.*
Operation lift
Nested_under kubernetes
Add_prefix kubernetes.
[FILTER]
Name nest
Match kube.*
Operation lift
Nested_under kubernetes.labels
Add_prefix kubernetes.labels.
[FILTER]
Name record_modifier
Match kube.*
Remove_key time
Remove_key stream
Remove_key kubernetes.pod_name
Remove_key kubernetes.namespace_name
Remove_key kubernetes.pod_id
Remove_key kubernetes.labels.batch.kubernetes.io/controller-uid
Remove_key kubernetes.labels.batch.kubernetes.io/job-name
Remove_key kubernetes.labels.controller-uid
Remove_key kubernetes.labels.reana-run-job-workflow-uuid
Remove_key kubernetes.labels.reana_workflow_mode
Remove_key kubernetes.annotations.*
Remove_key kubernetes.host
Remove_key kubernetes.container_name
Remove_key kubernetes.docker_id
Remove_key kubernetes.container_hash
Remove_key kubernetes.container_image
Remove_key _p
[FILTER]
Name record_modifier
Match kube.var.log.containers.reana-run-job-*
Remove_key kubernetes.labels.reana-run-batch-workflow-uuid
[FILTER]
Name record_modifier
Match kube.var.log.containers.reana-run-batch-*
Remove_key kubernetes.labels.job-name
## https://docs.fluentbit.io/manual/pipeline/outputs
outputs: |
[OUTPUT]
Name opensearch
Match kube.var.log.containers.reana-run-job-*
Host {{ .Values.outputConfig.host }}
{{- if .Values.outputConfig.httpPasswd }}
HTTP_User {{ .Values.outputConfig.httpUser }}
HTTP_Passwd {{ .Values.outputConfig.httpPasswd }}
{{- end }}
Index fluentbit-job_log
Suppress_Type_Name On
tls {{ .Values.outputConfig.tls }}
tls.verify {{ .Values.outputConfig.tlsVerify }}
tls.verify_hostname {{ .Values.outputConfig.tlsVerifyHostname }}
{{ if .Values.outputConfig.tlsCaFile }}tls.ca_file {{ .Values.outputConfig.tlsCaFile }}{{- end }}
{{ if .Values.outputConfig.tlsCrtFile }}tls.crt_file {{ .Values.outputConfig.tlsCrtFile }}{{- end }}
{{ if .Values.outputConfig.tlsKeyFile }}tls.key_file {{ .Values.outputConfig.tlsKeyFile }}{{- end }}
{{ if .Values.outputConfig.tlsKeyPassword }}tls.key_password {{ .Values.outputConfig.tlsKeyPassword }}{{- end }}
[OUTPUT]
Name opensearch
Match kube.var.log.containers.reana-run-batch-*
Host {{ .Values.outputConfig.host }}
{{- if .Values.outputConfig.httpPasswd }}
HTTP_User {{ .Values.outputConfig.httpUser }}
HTTP_Passwd {{ .Values.outputConfig.httpPasswd }}
{{- end }}
Index fluentbit-workflow_log
Suppress_Type_Name On
tls {{ .Values.outputConfig.tls }}
tls.verify {{ .Values.outputConfig.tlsVerify }}
tls.verify_hostname {{ .Values.outputConfig.tlsVerifyHostname }}
{{ if .Values.outputConfig.tlsCaFile }}tls.ca_file {{ .Values.outputConfig.tlsCaFile }}{{- end }}
{{ if .Values.outputConfig.tlsCrtFile }}tls.crt_file {{ .Values.outputConfig.tlsCrtFile }}{{- end }}
{{ if .Values.outputConfig.tlsKeyFile }}tls.key_file {{ .Values.outputConfig.tlsKeyFile }}{{- end }}
{{ if .Values.outputConfig.tlsKeyPassword }}tls.key_password {{ .Values.outputConfig.tlsKeyPassword }}{{- end }}
## https://docs.fluentbit.io/manual/pipeline/parsers
customParsers: |
[PARSER]
Name reana-capture
Format regex
Regex /^(?<timestamp>[1-9:\-,\w ]+) \| (?<name>[a-zA-Z1-9]+) \| (?<thread>[a-zA-Z1-9_\- \w\(\)]+) \| (?<level>[a-zA-Z]+) \| (?<message>.*)/m
extraVolumes:
- name: reana-opensearch-ca
secret:
secretName: reana-opensearch-tls-secrets
items:
- key: ca.crt
path: ca.crt
extraVolumeMounts:
- name: reana-opensearch-ca
mountPath: /fluent-bit/etc/certs
readOnly: true
priorityClassName: "reana-fluent-bit-priority-class"
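Review bot: both `[OUTPUT]` blocks emit `tls.key_password`, whereas the README row added in this commit documents the Fluent Bit parameter as `tls.key_passwd`; the emitted key should be renamed to `tls.key_passwd` in both blocks so that a value set in `tlsKeyPassword` is actually applied. In the same blocks, `httpPasswd` and `tlsKeyPassword` are interpolated directly into the `config.outputs` text, so the secrets end up in the rendered configuration in plain form; consider referencing an environment variable there (for example `HTTP_Passwd ${...}`) that is populated from a Kubernetes Secret. It is also worth a comment next to `httpUser` noting that the `HTTP_User`/`HTTP_Passwd` lines are skipped entirely while `httpPasswd` is empty, which is the default.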
