diff --git a/CODEOWNERS b/CODEOWNERS index a3d743d..e21c805 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,2 +1,2 @@ -* @melord @d-maslyk @tomekkolo @swi-snap-agent +* @swisnap-krk diff --git a/Dockerfile b/Dockerfile index 4579523..55fcbda 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM ubuntu:bionic -LABEL authors='SolarWinds AppOptics team ' +LABEL authors='SolarWinds AppOptics team ' USER root ARG DEBIAN_FRONTEND=noninteractive @@ -37,6 +37,5 @@ COPY ./conf/swisnap-init.sh /opt/SolarWinds/Snap/etc/init.sh WORKDIR /opt/SolarWinds/Snap EXPOSE 21413 - # Run SolarWinds Snap Agent CMD ["/opt/SolarWinds/Snap/etc/init.sh"] diff --git a/Makefile b/Makefile index 08b8c40..6f15b10 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ -DOCKERFILE_VERSION=4.2.0 -SWISNAP_VERSION=4.0.0.863 +DOCKERFILE_VERSION=4.3.0 +SWISNAP_VERSION=4.1.0.1024 TAG=$(DOCKERFILE_VERSION)-$(SWISNAP_VERSION) USER=solarwinds REPOSITORY=solarwinds-snap-agent-docker diff --git a/README.md b/README.md index 6ec8ad9..b8f827f 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ Docker and Kubernetes assets for running SolarWinds Snap Agent * [DaemonSet](#daemonset) * [Sidecar](#sidecar) * [Configuration](#configuration) + * [Enabling Docker Logs collector from Kubernetes nodes](#enabling-docker-logs-collector-from-kubernetes-nodes) * [Custom plugins configuration and tasks manifests](#custom-plugins-configuration-and-tasks-manifests) * [Environment Parameters](#environment-parameters) * [Integrating Kubernetes Cluster Events Collection With Loggly](#integrating-kubernetes-cluster-events-collection-with-loggly) @@ -35,6 +36,19 @@ Kubernetes assests available in this repository expect a `solarwinds-token` secr kubectl create secret generic solarwinds-token -n kube-system --from-literal=SOLARWINDS_TOKEN= ``` +* (Optional) If you wish to use Logs Collector/Forwarder functionality from SolarWinds Snap Agent and your token for Loggly or Papertrail is different than your SolarWinds token, please create new Kubernetes secrets, depending on a needs. +If these tokens are the same, there is no need to perform this step - in that case `SOLARWINDS_TOKEN`, will be used by Loggly and Papertrail Publisher plugins. +``` bash +# setting for loggly-http, loggly-http-bulk, loggly-syslog Logs Publishers +kubectl create secret generic loggly-token -n kube-system --from-literal=LOGGLY_TOKEN= + +# setting for swi-logs-http-bulk, swi-logs-http Logs Publishers +kubectl create secret generic papertrail-token -n kube-system --from-literal=PAPERTRAIL_TOKEN= + +# setting for papertrail-syslog publisher +kubectl create secret generic papertrail-publisher-settings -n kube-system --from-literal=PAPERTRAIL_HOST= --from-literal=PAPERTRAIL_PORT= +``` + ### Deployment By default, RBAC is enabled in the deploy manifests. If you are not using RBAC you can deploy [swisnap-agent-deployment.yaml](deploy/base/deployment/swisnap-agent-deployment.yaml) removing the reference to the Service Account. @@ -134,76 +148,162 @@ In the example above, the sidecar will run only the Apache plugin. Additionally, ## Configuration -### Custom plugins configuration and tasks manifests +### Enabling Docker Logs collector from Kubernetes nodes -SolarWinds Snap Agent image is using default plugins configuration files and tasks manifests. In order to use your own configuration you would have to create [Kubernetes configMap](https://kubernetes.io/docs/concepts/storage/volumes/#configmap). In this example we'll set up two configMaps, one for SolarWinds Snap Agent Kubernetes plugin config and second one for corresponding task. +In this configuration SolarWinds Snap Agent DaemonSet will gather Docker logs from underlying node and publish them to Loggly (in addition to gathering HostAgent and Docker metrics to AppOptics). In current setting it will gather all logs from container named "nginx" +This option is disabled by default, it has to be turned on to start working. -``` bash -# create plugin configMap -kubectl create configmap kubernetes-plugin-config --from-file=/path/to/my/plugins.d/kubernetes.yaml --namespace=kube-system -# create task configMap -kubectl create configmap kubernetes-task-manifest --from-file=/path/to/my/tasks.d/task-aokubernetes.yaml --namespace=kube-system +* Create `solarwinds-token` secret in your cluster. To create it run: -# check if everything is fine -kubectl describe configmaps --namespace=kube-system kubernetes-task-manifest kubernetes-plugin-config -``` + ``` bash + kubectl create secret generic solarwinds-token -n kube-system --from-literal=SOLARWINDS_TOKEN= + ``` + +* (Optional step) If your token for Loggly is different than your SolarWinds token, please create new Kubernetes secret. If the tokens are the same, there is no need to perform this step - in that case `SOLARWINDS_TOKEN`, will be used by Loggly Publisher plugin. + + ``` bash + kubectl create secret generic loggly-token -n kube-system --from-literal=LOGGLY_TOKEN= + ``` + +* Set `SWISNAP_ENABLE_DOCKER_LOGS` to `true` and `SWISNAP_DOCKER_LOGS_CONTAINER_NAMES` to desired container names in stable overlay for [DaemonSet kustomization.yaml](deploy/overlays/stable/daemonset/kustomization.yaml). + ```diff + --- a/deploy/overlays/stable/daemonset/kustomization.yaml + +++ b/deploy/overlays/stable/daemonset/kustomization.yaml + @@ -10,7 +10,7 @@ configMapGenerator: + - name: swisnap-host-configmap + behavior: merge + literals: + - - SWISNAP_ENABLE_DOCKER_LOGS=false + + - SWISNAP_ENABLE_DOCKER_LOGS=true + - - SWISNAP_DOCKER_LOGS_CONTAINER_NAMES="" + + - SWISNAP_DOCKER_LOGS_CONTAINER_NAMES="nginx apache" + + images: + - name: solarwinds/solarwinds-snap-agent-docker + ``` + +* Create DaemonSet in your cluster. + + ``` bash + kubectl apply -k ./deploy/overlays/stable/daemonset + ``` + +* After a while you should start seeing Docker logs lines in your Loggly organization. + +If you would like to use different Loggly endpoint, or use Papertrail enpoints, there will be a need to setup up custom task configuration, as described in [Custom plugins configuration and tasks manifests](#custom-plugins-configuration-and-tasks-manifests) + +### Custom plugins configuration and tasks manifests + +SolarWinds Snap Agent image is using default plugins configuration files and tasks manifests. In order to use your own configuration you would have to create [Kubernetes configMap](https://kubernetes.io/docs/concepts/storage/volumes/#configmap). Depending on version of the plugin there will be a need to create either task manifest and plugin config (Plugins v1), or task configuration in case of Plugins v2. + +#### Plugins v1 +In this example we'll set up two configMaps, one for SolarWinds Snap Agent Kubernetes plugin config and second one for corresponding task. + ``` bash + # create plugin configMap and task manifest for Plugin v1 + kubectl create configmap kubernetes-plugin-config --from-file=/path/to/my/plugins.d/kubernetes.yaml --namespace=kube-system + kubectl create configmap kubernetes-task-manifest --from-file=/path/to/my/tasks.d/task-aokubernetes.yaml --namespace=kube-system + + # check if everything is fine + kubectl describe configmaps --namespace=kube-system kubernetes-task-manifest kubernetes-plugin-config + ``` ConfigMaps should be attached to SolarWinds Snap Agent deployment. Here's the example, notice `spec.template.spec.containers.volumeMounts` and `spec.template.spec.volumes`: -``` diff -diff --git a/deploy/base/deployment/kustomization.yaml b/deploy/base/deployment/kustomization.yaml -index 79e0110..000a108 100644 ---- a/deploy/base/deployment/kustomization.yaml -+++ b/deploy/base/deployment/kustomization.yaml -@@ -15,7 +15,7 @@ configMapGenerator: - - SWISNAP_ENABLE_APACHE=false - - SWISNAP_ENABLE_DOCKER=false - - SWISNAP_ENABLE_ELASTICSEARCH=false -- - SWISNAP_ENABLE_KUBERNETES=true -+ - SWISNAP_ENABLE_KUBERNETES=false - - SWISNAP_ENABLE_PROMETHEUS=false - - SWISNAP_ENABLE_MESOS=false - - SWISNAP_ENABLE_MONGODB=false -diff --git a/deploy/base/deployment/swisnap-agent-deployment.yaml b/deploy/base/deployment/swisnap-agent-deployment.yaml -index 294c4b4..babff7d 100644 ---- a/deploy/base/deployment/swisnap-agent-deployment.yaml -+++ b/deploy/base/deployment/swisnap-agent-deployment.yaml -@@ -45,6 +45,12 @@ spec: - - configMapRef: - name: swisnap-k8s-configmap - volumeMounts: -+ - name: kubernetes-plugin-vol -+ mountPath: /opt/SolarWinds/Snap/etc/plugins.d/kubernetes.yaml -+ subPath: kubernetes.yaml -+ - name: kubernetes-task-vol -+ mountPath: /opt/SolarWinds/Snap/etc/tasks.d/task-aokubernetes.yaml -+ subPath: task-aokubernetes.yaml - - name: proc - mountPath: /host/proc - readOnly: true -@@ -56,6 +62,18 @@ spec: - cpu: 100m - memory: 256Mi - volumes: -+ - name: kubernetes-plugin-vol -+ configMap: -+ name: kubernetes-plugin-config -+ items: -+ - key: kubernetes.yaml -+ path: kubernetes.yaml -+ - name: kubernetes-task-vol -+ configMap: -+ name: kubernetes-task-manifest -+ items: -+ - key: task-aokubernetes.yaml -+ path: task-aokubernetes.yaml - - name: proc - hostPath: - path: /proc -``` + ``` diff + diff --git a/deploy/base/deployment/kustomization.yaml b/deploy/base/deployment/kustomization.yaml + index 79e0110..000a108 100644 + --- a/deploy/base/deployment/kustomization.yaml + +++ b/deploy/base/deployment/kustomization.yaml + @@ -15,7 +15,7 @@ configMapGenerator: + - SWISNAP_ENABLE_APACHE=false + - SWISNAP_ENABLE_DOCKER=false + - SWISNAP_ENABLE_ELASTICSEARCH=false + - - SWISNAP_ENABLE_KUBERNETES=true + + - SWISNAP_ENABLE_KUBERNETES=false + - SWISNAP_ENABLE_PROMETHEUS=false + - SWISNAP_ENABLE_MESOS=false + - SWISNAP_ENABLE_MONGODB=false + diff --git a/deploy/base/deployment/swisnap-agent-deployment.yaml b/deploy/base/deployment/swisnap-agent-deployment.yaml + index 294c4b4..babff7d 100644 + --- a/deploy/base/deployment/swisnap-agent-deployment.yaml + +++ b/deploy/base/deployment/swisnap-agent-deployment.yaml + @@ -45,6 +45,12 @@ spec: + - configMapRef: + name: swisnap-k8s-configmap + volumeMounts: + + - name: kubernetes-plugin-vol + + mountPath: /opt/SolarWinds/Snap/etc/plugins.d/kubernetes.yaml + + subPath: kubernetes.yaml + + - name: kubernetes-task-vol + + mountPath: /opt/SolarWinds/Snap/etc/tasks.d/task-aokubernetes.yaml + + subPath: task-aokubernetes.yaml + - name: proc + mountPath: /host/proc + readOnly: true + @@ -56,6 +62,18 @@ spec: + cpu: 100m + memory: 256Mi + volumes: + + - name: kubernetes-plugin-vol + + configMap: + + name: kubernetes-plugin-config + + items: + + - key: kubernetes.yaml + + path: kubernetes.yaml + + - name: kubernetes-task-vol + + configMap: + + name: kubernetes-task-manifest + + items: + + - key: task-aokubernetes.yaml + + path: task-aokubernetes.yaml + - name: proc + hostPath: + path: /proc + ``` Notice that we're not utilizing [Environment Parameters](#environment-parameters) to turn on Kubernetes plugin. When you're attaching taskfiles and plugin configuration files through configMaps, there's no need to set environment variables `SWISNAP_ENABLE_`. SolarWinds Snap Agent will automatically load plugins based on files stored in configMaps. + +#### Plugins v2 + +In this example we'll set up one configMaps, for SolarWinds Snap Agent Kubernetes Logs Collector/Forwarder task configuration. + ``` bash + # create task configuration configMap for Plugin v2 + kubectl create configmap logs-task-config --from-file=/path/to/my/task-autoload.d/task-logs-k8s-events.yaml --namespace=kube-system + ``` + +ConfigMaps should be attached to SolarWinds Snap Agent deployment. Here's the example, notice `spec.template.spec.containers.volumeMounts` and `spec.template.spec.volumes`: + ```diff + diff --git a/deploy/base/deployment/swisnap-agent-deployment.yaml b/deploy/base/deployment/swisnap-agent-deployment.yaml + index 294c4b4..babff7d 100644 + --- a/deploy/base/deployment/swisnap-agent-deployment.yaml + +++ b/deploy/base/deployment/swisnap-agent-deployment.yaml + @@ -45,6 +45,12 @@ spec: + - configMapRef: + name: swisnap-k8s-configmap + volumeMounts: + + - name: logs-task-vol + + mountPath: /opt/SolarWinds/Snap/etc/tasks-autoload.d/task-logs-k8s-events.yaml + + subPath: task-logs-k8s-events.yaml + - name: proc + mountPath: /host/proc + readOnly: true + @@ -56,6 +62,18 @@ spec: + cpu: 100m + memory: 256Mi + volumes: + + - name: logs-task-vol + + configMap: + + name: logs-task-config + + items: + + - key: task-logs-k8s-events.yaml + + path: task-logs-k8s-events.yaml + - name: proc + hostPath: + path: /proc + ``` +Notice that we're not utilizing [Environment Parameters](#environment-parameters) to turn on Logs plugin. When you're attaching task configuration files through configMaps, there's no need to set environment variables `SWISNAP_ENABLE_`. SolarWinds Snap Agent will automatically load tasks based on files stored in configMaps and mounted to `/opt/SolarWinds/Snap/etc/tasks-autoload.d/` in container. + ### Environment Parameters The following environment parameters are available: @@ -213,16 +313,23 @@ The following environment parameters are available: APPOPTICS_CUSTOM_TAGS | Set this to a comma separated K=V list to enable custom tags eg. `NAME=TEST,IS_PRODUCTION=false,VERSION=5` SOLARWINDS_TOKEN | Your SolarWinds token. This parameter is required. APPOPTICS_TOKEN | Depreciated. Your SolarWinds token. This parameter is used as fallback if SOLARWINDS_TOKEN is not present. + LOGGLY_TOKEN | Optional. Use this when your Loggly token differs from Your SolarWinds token. If set, this will be used for tasks using Loggly Publishers (loggly-syslog, loggly-http-bulk, loggly-http). + PAPERTRAIL_TOKEN | Optional. Use this when your Papertrail token differs from Your SolarWinds token. If set, this will be used for tasks using Papertrail Publishers (swi-logs-http, swi-logs-http-bulk). + PAPERTAIL_HOST | Optional. Use this when you intend to use `papertrail-syslog` publisher. Change this to your Papertrail host. + PAPERTRAIL_PORT | Optional. Use this when you intend to use `papertrail-syslog` publisher. Change this to your Papertrail port. APPOPTICS_HOSTNAME | This value overrides the hostname tagged for default host metrics. The DaemonSet uses this to override with Node name. LOG_LEVEL | Expected value: DEBUG, INFO, WARN, ERROR or FATAL. Default value is WARN. LOG_PATH | Set this value to enable SolarWinds Snap Agent logging to file. Default logs are printed to stdout for SolarWinds Snap Agent running in Docker container. Overriding this option disable reading Snap Agent log using `docker logs`, or `kubectl logs`. - SWISNAP_SECURE | Set this to `true` to run only signed plugins. + SWISNAP_SECURE | Set this to `true` to run only signed plugins. Turned on by default for Kubernetes assets. SWISNAP_DISABLE_HOSTAGENT | Set this to `true` to disable the SolarWinds Snap Agent system metrics collection. SWISNAP_DISABLE_PROCESSES | Set this to `true` to disable the SolarWinds Snap Agent processes metrics collection. - SWISNAP_ENABLE_DOCKER | Set this to `true` to enable the Docker plugin. + SWISNAP_ENABLE_DOCKER | Set this to `true` to enable the Docker plugin. This requires Docker socket mounted inside container (done by default in DaemonSet). + SWISNAP_ENABLE_DOCKER_LOGS | Set this to true to enable Logs collector task for gathering Docker logs. If set to true, setting `SWISNAP_DOCKER_LOGS_CONTAINER_NAMES` var is mandatory. This also requires Docker socket mounted inside container (done by default in DaemonSet). + SWISNAP_DOCKER_LOGS_CONTAINER_NAMES | Space separated list of container names, for which log colelctor/forwarder should be set. SWISNAP_ENABLE_APACHE | Set this to `true` to enable the Apache plugin. SWISNAP_ENABLE_ELASTICSEARCH | Set this to `true` to enable the Elasticsearch plugin. SWISNAP_ENABLE_KUBERNETES | Set this to `true` to enable the Kubernetes plugin. Enabling this option on the DaemonSet will cause replication of Kubernetes metrics where the replication count is the number of pods with Kubernetes collection enabled minus one. Typically Kubernetes collection is only enabled on the Deployment asset. + SWISNAP_ENABLE_KUBERNETES_LOGS | Set this to `true` to enable the default Kubernetes logs collector/forwarder. To enable this proper RBAC role have to be set (done for Deployment from this repo). SWISNAP_ENABLE_NGINX | Set this to `true` to enable the Nginx plugin. If enabled the following ENV vars are required to be set:
*NGINX_STATUS_URI* - one, or multiple space-separeted link(s) to Nginx stub_status URI. SWISNAP_ENABLE_NGINX_PLUS | Set this to `true` to enable the Nginx Plus plugin. If enabled the following ENV vars are required to be set:
*NGINX_PLUS_STATUS_URI* - one, or multiple space-separeted link(s) to ngx_http_status_module or status URI. SWISNAP_ENABLE_NGINX_PLUS_API | Set this to `true` to enable the Nginx Plus Api plugin. If enabled the following ENV vars are required to be set:
*NGINX_PLUS_STATUS_URI* - one, or multiple space-separeted link(s) to Nginx API URI. @@ -239,133 +346,119 @@ The following environment parameters are available: If you use `SWISNAP_ENABLE_` set to `true`, then keep in mind that SolarWinds Snap Agent will use default plugins configs and task manifests. For custom configuration see [Custom plugins configuration and tasks manifests](#custom-plugins-configuration-and-tasks-manifests). -## Integrating Kubernetes Cluster Events Collection With Loggly +## Integrating Kubernetes Cluster Events Collection with Loggly/Papertrail This documentaton can be also found in [Documentation for SolarWinds](https://documentation.solarwinds.com/en/Success_Center/appoptics/Content/kb/host_infrastructure/host_agent/kubernetes_ha.htm#integrating-kubernetes-cluster-events-collection-with-loggly) webpage. -Version 22 of Kubernetes collector allows you to collect cluster events and push them to Loggly using logs collector under the hood. To utilize this functionality there is a need to create corresponding configmaps in your cluster, with proper plugins configuration. The example config files can be found in [Event collector configs](examples/event-collector-configs). To enable event collection in your deployment, follow below steps: + +Starting from SolarWinds Snap Agent release 4.1.0 allows you to collect cluster events and push them to Loggly using embedded logs collector under the hood. There are two different ways to enable this functionality - one with enabling default forwarder for Snap Deployment, in which there will be monitored `Normal` events in `default` namespace [Instructions](#enabling-default-kuberentes-log-forwarder). The second option is more advanced and require create corresponding configmaps in your cluster, with proper task configuration. This way allows you to manually edit this configuration, with option to modify both desired event filters, monitored Kubernetes namespace and to select desired publisher [Instruction](#advanced-configuration-for-Kuberetes-log-forwarder-with-custom-task-configuration). + +### Enabling default Kubernetes log forwarder * Create Kubernetes secret for `SOLARWINDS_TOKEN`: + ```shell kubectl create secret generic solarwinds-token -n kube-system --from-literal=SOLARWINDS_TOKEN= ``` +* (Optional step) If your token for Loggly is different than your SolarWinds token, please create new Kubernetes secret. If the tokens are the same, there is no need to perform this step - in that case `SOLARWINDS_TOKEN`, will be used by Loggly Publisher plugin. -* Update Loggly Token in [logs-v2.yaml](examples/event-collector-configs/logs-v2.yaml) file under `v2:collector:logs:all:logging_service:loggly:token`. - ```yaml - v2: - collector: - logs: - all: - # [...] - logging_service: - # [..] - ## Sign up for a Loggly account at: https://www.loggly.com - loggly: - - ## Loggly API token and host - token: "LOGGLY_TOKEN - host: "logs-01.loggly.com" - - ## Loggly API port and protocol - ## use 6514 with TLS or 514 with TCP - port: 6514 - protocol: tls - + ``` bash + kubectl create secret generic loggly-token -n kube-system --from-literal=LOGGLY_TOKEN= ``` -* [task-logs-k8s.yaml](examples/event-collector-configs/task-logs-k8s.yaml) file configures the logs collector plugin. It is telling logs collector to look for `/var/log/SolarWinds/Snap/events.log` file: + +* Edit [kustomisation.yaml](deploy/overlays/stable/deployment/kustomization.yaml) for Snap Agent Deployment and set `SWISNAP_ENABLE_KUBERNETES_LOGS` parameter to `true` + + ```diff + index 8b5d94b..f3aac10 100644 + --- a/deploy/overlays/stable/deployment/kustomization.yaml + +++ b/deploy/overlays/stable/deployment/kustomization.yaml + @@ -9,7 +9,7 @@ configMapGenerator: + - name: swisnap-k8s-configma + behavior: merge + literals: + - - SWISNAP_ENABLE_KUBERNETES_LOGS=false + + - SWISNAP_ENABLE_KUBERNETES_LOGS=true + + images: + - name: solarwinds/solarwinds-snap-agent-docker ``` - --- - version: 2 - schedule: - type: cron - interval: "0 * * * * *" +* Create Snap Agent Deployment (it will automatically create corresponding ServiceAccount): - plugins: - - plugin_name: logs - - metrics: - - /logs/lines_total - - /logs/lines_forwarded - - /logs/bytes_forwarded - - /logs/lines_skipped - - /logs/lines_failed - - /logs/bytes_failed - - /logs/lines_succeeded - - /logs/bytes_succeeded - - /logs/attempts_total - - /logs/failed_attempts_total + ```shell + kubectl apply -k ./deploy/overlays/stable/events-collector/ + ``` - config: - sources: - log_files: +* Watch your cluster events in Loggly. - # [...] - file_paths: - - Path: /var/log/SolarWinds/Snap/events.log +### Advanced configuration for Kuberetes log forwarder with custom task configuration - # [...] - exclude_lines_patterns: - - ".*self-skip-logs-collector.*" +To utilize this functionality there is a need to create corresponding configmaps in your cluster, with proper task configuration. The example config file can be found in [Event collector configs](examples/event-collector-configs). To enable event collector in your deployment, follow below steps: - publish: - - plugin_name: publisher-appoptics +* Create Kubernetes secret for `SOLARWINDS_TOKEN`: + + ```shell + kubectl create secret generic solarwinds-token -n kube-system --from-literal=SOLARWINDS_TOKEN= ``` -* [kubernetes.yaml](examples/event-collector-configs/kubernetes.yaml) file configures the kubernetes collector plugin. This config contain `collector.kubernetes.all.events` field with specified filter. With this example filter event collector will watch for `normal` events in `default` namespace. - ```yaml - collector: - kubernetes: - all: - incluster: true - kubeconfigpath: "" - interval: "60s" +* (Optional) If you wish to use Logs Collector/Forwarder functionality from SolarWinds Snap Agent and your token for Loggly or Papertrail is different than your SolarWinds token, please create new Kubernetes secrets, depending on a needs. +Note: If these tokens are the same, there is no need to perform this step - in that case `SOLARWINDS_TOKEN`, will be used by Loggly and Papertrail Publisher plugins. - events: | - # Embedded YAML (as a multiline string literal) - filters: - - namespace: default - type: normal + ``` bash + # setting for loggly-http, loggly-http-bulk, loggly-syslog Logs Publishers + kubectl create secret generic loggly-token -n kube-system --from-literal=LOGGLY_TOKEN= - grpc_timeout: 30 + # setting for swi-logs-http-bulk, swi-logs-http Logs Publishers + kubectl create secret generic papertrail-token -n kube-system --from-literal=PAPERTRAIL_TOKEN= - load: - plugin: snap-plugin-collector-aokubernetes - task: task-aokubernetes.yaml + # setting for papertrail-syslog publisher + kubectl create secret generic papertrail-publisher-settings -n kube-system --from-literal=PAPERTRAIL_HOST= --from-literal=PAPERTRAIL_PORT= ``` -* If you want to monitor events count in AppOptics, then edit [task-aokubernetes.yaml](examples/event-collector-configs/task-aokubernetes.yaml) task manifest so it contains `/kubernetes/events/count` metric in `workflow.collect.metrics` list, and copy it to working directory: + +* [task-logs-k8s-events.yaml](examples/event-collector-configs/task-logs-k8s-events.yaml) file configures the Kubernetes Events Log task. This config contains `plugins.config.filters` field with specified filter. With this example filter event collector will watch for `Normal` events in `default` namespace. Depending on your needs, you can modify this filter to monitor other event types, or other namespaces. + ```yaml - --- - version: 1 + version: 2 + schedule: type: streaming - deadline: "55s" - workflow: - collect: + + plugins: + - plugin_name: k8s-events config: - /kubernetes: - MaxCollectDuration: "2s" - MaxMetricsBuffer: 250 - metrics: - /kubernetes/events/count: {} - /kubernetes/pod/*/*/*/status/phase/Running: {} + incluster: true + + filters: + - namespace: default + watch_only: true + options: + fieldSelector: "type==Normal" + #- namespace: kube-system + # watch_only: true + # options: + # fieldSelector: "type==Warning" + + #tags: + # /k8s-events/[namespace=my_namespace]/string_line: + # sometag: somevalue + publish: - - plugin_name: publisher-appoptics - config: - period: 60 - floor_seconds: 60 + - plugin_name: loggly-http-bulk # this could be set to any other Logs Publisher ``` -* Once above steps are finished, create 3 configmaps: - ```shell - kubectl create configmap plugin-configs --from-file=./examples/event-collector-configs/logs-v2.yaml --from-file=./examples/event-collector-configs/kubernetes.yaml --namespace=kube-system - kubectl create configmap task-manifests --from-file=./examples/event-collector-configs/task-aokubernetes.yaml --namespace=kube-system - kubectl create configmap task-autoload --from-file=./examples/event-collector-configs/task-logs-k8s.yaml --namespace=kube-system - kubectl describe configmaps -n kube-system plugin-configs task-manifests task-autoload +* Once Kubernetes Events Log task configuration is in desired state, create corresponding configmaps: + + ```shell + kubectl create configmap task-autoload --from-file=./examples/event-collector-configs/task-logs-k8s-events.yaml --namespace=kube-system + + kubectl describe configmaps -n kube-system task-autoload ``` + * Create Events Collector Deployment (it will automatically create corresponding ServiceAccount): + ```shell kubectl apply -k ./deploy/overlays/stable/events-collector/ ``` -* Watch your cluster events in Loggly + +* Watch your cluster events in Loggly, or Papertrail. ## Dashboard diff --git a/conf/swisnap-init.sh b/conf/swisnap-init.sh index 96fb053..a3ce7be 100755 --- a/conf/swisnap-init.sh +++ b/conf/swisnap-init.sh @@ -8,6 +8,7 @@ TASK_AUTOLOAD_DIR="${SWISNAP_HOME}/etc/tasks-autoload.d" CONFIG_FILE="${SWISNAP_HOME}/etc/config.yaml" PUBLISHER_PROCESSES_CONFIG="${PLUGINS_DIR}/publisher-processes.yaml" PUBLISHER_APPOPTICS_CONFIG="${PLUGINS_DIR}/publisher-appoptics.yaml" +PUBLISHER_LOGS_CONFIG="${PLUGINS_DIR}/publisher-logs.yaml" swisnap_config_setup() { # SOLARWINDS_TOKEN is required. Please note, that APPOPTICS_TOKEN is left for preserving backward compatibility @@ -24,8 +25,12 @@ swisnap_config_setup() { yq w -i "${PUBLISHER_APPOPTICS_CONFIG}" v2.publisher.publisher-appoptics.all.endpoint.token -- "${SWI_TOKEN}" yq w -i "${PUBLISHER_PROCESSES_CONFIG}" v2.publisher.publisher-processes.all.endpoint.token -- "${SWI_TOKEN}" - yq w -i ${CONFIG_FILE} log_path "${LOG_PATH:-/proc/self/fd/1}" - yq w -i ${CONFIG_FILE} restapi.addr "tcp://0.0.0.0:21413" + # Use APPOPTICS_HOSTNAME as hostname_alias + if [ -n "${APPOPTICS_HOSTNAME}" ]; then + yq w -i "${PUBLISHER_APPOPTICS_CONFIG}" v1.publisher.publisher-appoptics.all.hostname_alias "${APPOPTICS_HOSTNAME}" + yq w -i "${PUBLISHER_APPOPTICS_CONFIG}" v2.publisher.publisher-appoptics.all.endpoint.hostname_alias "${APPOPTICS_HOSTNAME}" + yq w -i "${PUBLISHER_PROCESSES_CONFIG}" v2.publisher.publisher-processes.all.endpoint.hostname_alias "${APPOPTICS_HOSTNAME}" + fi if [ -n "${LOG_LEVEL}" ]; then yq w -i $CONFIG_FILE log_level "${LOG_LEVEL}" @@ -37,10 +42,35 @@ swisnap_config_setup() { yq w -i ${CONFIG_FILE} control.plugin_trust_level 0 fi - # Use APPOPTICS_HOSTNAME as hostname_alias - if [ -n "${APPOPTICS_HOSTNAME}" ]; then - yq w -i "${CONFIG_FILE}" control.plugins.publisher.publisher-appoptics.all.hostname_alias "${APPOPTICS_HOSTNAME}" + yq w -i ${CONFIG_FILE} log_path "${LOG_PATH:-/proc/self/fd/1}" + yq w -i ${CONFIG_FILE} restapi.addr "tcp://0.0.0.0:21413" + + # Logs Publishers releated configs + if [ -n "${LOGGLY_TOKEN}" ] && [ "${LOGGLY_TOKEN}" != 'LOGGLY_TOKEN' ]; then + LOGGLY_PUBL_TOKEN="${LOGGLY_TOKEN}" + else + LOGGLY_PUBL_TOKEN="${SWI_TOKEN}" fi + + yq w -i "${PUBLISHER_LOGS_CONFIG}" v2.publisher.loggly-http.all.token -- "${LOGGLY_PUBL_TOKEN}" + yq w -i "${PUBLISHER_LOGS_CONFIG}" v2.publisher.loggly-http-bulk.all.token -- "${LOGGLY_PUBL_TOKEN}" + yq w -i "${PUBLISHER_LOGS_CONFIG}" v2.publisher.loggly-syslog.all.token -- "${LOGGLY_PUBL_TOKEN}" + + if [ -n "${PAPERTRAIL_TOKEN}" ] && [ "${PAPERTRAIL_TOKEN}" != 'PAPERTRAIL_TOKEN' ]; then + PAPERTRAIL_PUBL_TOKEN="${PAPERTRAIL_TOKEN}" + else + PAPERTRAIL_PUBL_TOKEN="${SWI_TOKEN}" + fi + + yq w -i "${PUBLISHER_LOGS_CONFIG}" v2.publisher.swi-logs-http-bulk.all.token -- "${PAPERTRAIL_PUBL_TOKEN}" + yq w -i "${PUBLISHER_LOGS_CONFIG}" v2.publisher.swi-logs-http.all.token -- "${PAPERTRAIL_PUBL_TOKEN}" + + if [ -n "${PAPERTRAIL_HOST}" ] && [ -n "${PAPERTRAIL_PORT}" ]; then + yq w -i "${PUBLISHER_LOGS_CONFIG}" v2.publisher.papertrail-syslog.all.host "${PAPERTRAIL_HOST}" + yq w -i "${PUBLISHER_LOGS_CONFIG}" v2.publisher.papertrail-syslog.all.port "${PAPERTRAIL_PORT}" + fi + + } run_plugins_with_default_configs() { @@ -49,13 +79,29 @@ run_plugins_with_default_configs() { mv "${PLUGINS_DIR}/apache.yaml.example" "${PLUGINS_DIR}/apache.yaml" fi - if [ "$SWISNAP_ENABLE_DOCKER" = "true" ]; then + if [ "${SWISNAP_ENABLE_DOCKER}" = "true" ]; then mv "${PLUGINS_DIR}/docker.yaml.example" "${PLUGINS_DIR}/docker.yaml" if [[ -n "${HOST_PROC}" ]]; then sed -i 's,procfs: "/proc",procfs: "'"${HOST_PROC}"'",g' "${PLUGINS_DIR}/docker.yaml" fi fi + if [ "${SWISNAP_ENABLE_DOCKER_LOGS}" = "true" ] && [ -n "${SWISNAP_DOCKER_LOGS_CONTAINER_NAMES}" ]; then + DOCKER_LOGS_CONFIG="${TASK_AUTOLOAD_DIR}/task-logs-docker.yaml" + mv "${DOCKER_LOGS_CONFIG}.example" "${DOCKER_LOGS_CONFIG}" + yq d -i "${DOCKER_LOGS_CONFIG}" 'plugins.(plugin_name==docker-logs).config.logs' + for cont_name in ${SWISNAP_DOCKER_LOGS_CONTAINER_NAMES}; do + yq w -i "${DOCKER_LOGS_CONFIG}" "plugins.(plugin_name==docker-logs).config.logs[+].filters.name.${cont_name}" true + done + + yq w -i "${DOCKER_LOGS_CONFIG}" 'plugins.(plugin_name==docker-logs).config.logs[*].options.showstdout' true + yq w -i "${DOCKER_LOGS_CONFIG}" 'plugins.(plugin_name==docker-logs).config.logs[*].options.showstderr' true + yq w -i "${DOCKER_LOGS_CONFIG}" 'plugins.(plugin_name==docker-logs).config.logs[*].options.follow' true + yq w -i "${DOCKER_LOGS_CONFIG}" 'plugins.(plugin_name==docker-logs).config.logs[*].options.tail' all + yq w -i "${DOCKER_LOGS_CONFIG}" 'plugins.(plugin_name==docker-logs).config.logs[*].options.since' --tag '!!str' "" + fi + + if [ "${SWISNAP_ENABLE_ELASTICSEARCH}" = "true" ]; then mv "${PLUGINS_DIR}/elasticsearch.yaml.example" "${PLUGINS_DIR}/elasticsearch.yaml" fi @@ -64,6 +110,15 @@ run_plugins_with_default_configs() { mv "${PLUGINS_DIR}/kubernetes.yaml.example" "${PLUGINS_DIR}/kubernetes.yaml" fi + if [ "${SWISNAP_ENABLE_KUBERNETES_LOGS}" = "true" ]; then + KUBERNETES_LOGS_CONFIG="${TASK_AUTOLOAD_DIR}/task-logs-k8s-events.yaml" + mv "${KUBERNETES_LOGS_CONFIG}.example" "${KUBERNETES_LOGS_CONFIG}" + yq w -i "${KUBERNETES_LOGS_CONFIG}" 'plugins.(plugin_name==k8s-events).config.incluster' 'true' + yq w -i "${KUBERNETES_LOGS_CONFIG}" 'plugins.(plugin_name==k8s-events).config.filters[+].namespace' 'default' + yq w -i "${KUBERNETES_LOGS_CONFIG}" 'plugins.(plugin_name==k8s-events).config.filters[*].watch_only' 'true' + yq w -i "${KUBERNETES_LOGS_CONFIG}" 'plugins.(plugin_name==k8s-events).config.filters[*].options.fieldSelector' 'type==Normal' + fi + if [ "${SWISNAP_ENABLE_NGINX}" = "true" ]; then NGINX_CONFIG="${TASK_AUTOLOAD_DIR}/task-bridge-nginx.yaml" mv "${NGINX_CONFIG}.example" "${NGINX_CONFIG}" @@ -174,7 +229,6 @@ run_plugins_with_default_configs() { fi if [ "${SWISNAP_DISABLE_HOSTAGENT}" = "true" ]; then - rm "${TASK_AUTOLOAD_DIR}/task-aosystem-warmup.yaml" rm "${TASK_AUTOLOAD_DIR}/task-aosystem.yaml" fi diff --git a/deploy/base/daemonset/kustomization.yaml b/deploy/base/daemonset/kustomization.yaml index 031ca0b..908b559 100644 --- a/deploy/base/daemonset/kustomization.yaml +++ b/deploy/base/daemonset/kustomization.yaml @@ -24,7 +24,7 @@ configMapGenerator: - SWISNAP_ENABLE_ZOOKEEPER=false - SWISNAP_DISABLE_HOSTAGENT=false - SWISNAP_DISABLE_PROCESSES=false - - SWISNAP_SECURE=false + - SWISNAP_SECURE=true - HOST_PROC=/host/proc - LOG_LEVEL=WARN diff --git a/deploy/base/daemonset/swisnap-agent-daemonset.yaml b/deploy/base/daemonset/swisnap-agent-daemonset.yaml index 3d69444..1e6d320 100644 --- a/deploy/base/daemonset/swisnap-agent-daemonset.yaml +++ b/deploy/base/daemonset/swisnap-agent-daemonset.yaml @@ -44,6 +44,30 @@ spec: name: solarwinds-token key: SOLARWINDS_TOKEN optional: true + - name: LOGGLY_TOKEN + valueFrom: + secretKeyRef: + name: loggly-token + key: LOGGLY_TOKEN + optional: true + - name: PAPERTRAIL_TOKEN + valueFrom: + secretKeyRef: + name: papertrail-token + key: PAPERTRAIL_TOKEN + optional: true + - name: PAPERTRAIL_HOST + valueFrom: + secretKeyRef: + name: papertrail-publisher-settings + key: PAPERTRAIL_HOST + optional: true + - name: PAPERTRAIL_PORT + valueFrom: + secretKeyRef: + name: papertrail-publisher-settings + key: PAPERTRAIL_PORT + optional: true envFrom: - configMapRef: name: swisnap-host-configmap diff --git a/deploy/base/deployment/kustomization.yaml b/deploy/base/deployment/kustomization.yaml index 79e0110..f0491e6 100644 --- a/deploy/base/deployment/kustomization.yaml +++ b/deploy/base/deployment/kustomization.yaml @@ -25,7 +25,7 @@ configMapGenerator: - SWISNAP_ENABLE_ZOOKEEPER=false - SWISNAP_DISABLE_HOSTAGENT=true - SWISNAP_DISABLE_PROCESSES=true - - SWISNAP_SECURE=false + - SWISNAP_SECURE=true - HOST_PROC=/host/proc - LOG_LEVEL=WARN diff --git a/deploy/base/deployment/swisnap-agent-deployment.yaml b/deploy/base/deployment/swisnap-agent-deployment.yaml index 0d3049e..2f84add 100644 --- a/deploy/base/deployment/swisnap-agent-deployment.yaml +++ b/deploy/base/deployment/swisnap-agent-deployment.yaml @@ -48,6 +48,30 @@ spec: name: solarwinds-token key: SOLARWINDS_TOKEN optional: true + - name: LOGGLY_TOKEN + valueFrom: + secretKeyRef: + name: loggly-token + key: LOGGLY_TOKEN + optional: true + - name: PAPERTRAIL_TOKEN + valueFrom: + secretKeyRef: + name: papertrail-token + key: PAPERTRAIL_TOKEN + optional: true + - name: PAPERTRAIL_HOST + valueFrom: + secretKeyRef: + name: papertrail-publisher-settings + key: PAPERTRAIL_HOST + optional: true + - name: PAPERTRAIL_PORT + valueFrom: + secretKeyRef: + name: papertrail-publisher-settings + key: PAPERTRAIL_PORT + optional: true envFrom: - configMapRef: name: swisnap-k8s-configmap diff --git a/deploy/base/events-collector/kustomization.yaml b/deploy/base/events-collector/kustomization.yaml index f23ebcd..5e81263 100644 --- a/deploy/base/events-collector/kustomization.yaml +++ b/deploy/base/events-collector/kustomization.yaml @@ -28,5 +28,5 @@ configMapGenerator: - SWISNAP_ENABLE_ZOOKEEPER='false' - SWISNAP_DISABLE_HOSTAGENT='true' - SWISNAP_DISABLE_PROCESSES='true' - - SWISNAP_SECURE='false' + - SWISNAP_SECURE='true' - HOST_PROC='/host/proc' diff --git a/deploy/base/events-collector/swisnap-agent-deployment-event-collector.yaml b/deploy/base/events-collector/swisnap-agent-deployment-event-collector.yaml index 7e38616..605fbc8 100644 --- a/deploy/base/events-collector/swisnap-agent-deployment-event-collector.yaml +++ b/deploy/base/events-collector/swisnap-agent-deployment-event-collector.yaml @@ -22,18 +22,9 @@ spec: image: 'solarwinds/solarwinds-snap-agent-docker:latest' imagePullPolicy: IfNotPresent volumeMounts: - - name: plugins-logs - mountPath: /opt/SolarWinds/Snap/etc/plugins.d/logs-v2.yaml - subPath: logs-v2.yaml - - name: plugins-kubernetes - mountPath: /opt/SolarWinds/Snap/etc/plugins.d/kubernetes.yaml - subPath: kubernetes.yaml - - name: tasks-aokubernetes - mountPath: /opt/SolarWinds/Snap/etc/tasks.d/task-aokubernetes.yaml - subPath: task-aokubernetes.yaml - - name: tasks-autoload-logs - mountPath: /opt/SolarWinds/Snap/etc/tasks-autoload.d/task-logs-k8s.yaml - subPath: task-logs-k8s.yaml + - name: task-logs-k8s-events + mountPath: /opt/SolarWinds/Snap/etc/tasks-autoload.d/task-logs-k8s-events.yaml + subPath: task-logs-k8s-events.yaml env: - name: APPOPTICS_TOKEN valueFrom: @@ -47,6 +38,30 @@ spec: name: solarwinds-token key: SOLARWINDS_TOKEN optional: true + - name: LOGGLY_TOKEN + valueFrom: + secretKeyRef: + name: loggly-token + key: LOGGLY_TOKEN + optional: true + - name: PAPERTRAIL_TOKEN + valueFrom: + secretKeyRef: + name: papertrail-token + key: PAPERTRAIL_TOKEN + optional: true + - name: PAPERTRAIL_HOST + valueFrom: + secretKeyRef: + name: papertrail-publisher-settings + key: PAPERTRAIL_HOST + optional: true + - name: PAPERTRAIL_PORT + valueFrom: + secretKeyRef: + name: papertrail-publisher-settings + key: PAPERTRAIL_PORT + optional: true envFrom: - configMapRef: name: swisnap-agent-k8s-events-configmap @@ -70,30 +85,12 @@ spec: initialDelaySeconds: 5 timeoutSeconds: 5 volumes: - - name: plugins-logs - configMap: - name: plugin-configs - items: - - key: logs-v2.yaml - path: logs-v2.yaml - - name: plugins-kubernetes - configMap: - name: plugin-configs - items: - - key: kubernetes.yaml - path: kubernetes.yaml - - name: tasks-autoload-logs + - name: task-logs-k8s-events configMap: name: task-autoload items: - - key: task-logs-k8s.yaml - path: task-logs-k8s.yaml - - name: tasks-aokubernetes - configMap: - name: task-manifests - items: - - key: task-aokubernetes.yaml - path: task-aokubernetes.yaml + - key: task-logs-k8s-events.yaml + path: task-logs-k8s-events.yaml strategy: type: RollingUpdate rollingUpdate: diff --git a/deploy/overlays/stable/daemonset/kustomization.yaml b/deploy/overlays/stable/daemonset/kustomization.yaml index 0be2bde..f855d2a 100644 --- a/deploy/overlays/stable/daemonset/kustomization.yaml +++ b/deploy/overlays/stable/daemonset/kustomization.yaml @@ -5,7 +5,15 @@ kind: Kustomization bases: - ../../../base/daemonset +namespace: kube-system + +configMapGenerator: + - name: swisnap-host-configmap + behavior: merge + literals: + - SWISNAP_ENABLE_DOCKER_LOGS=false + - SWISNAP_DOCKER_LOGS_CONTAINER_NAMES="" images: - name: solarwinds/solarwinds-snap-agent-docker - newTag: 4.2.0-4.0.0.863 + newTag: 4.3.0-4.1.0.1024 diff --git a/deploy/overlays/stable/deployment/kustomization.yaml b/deploy/overlays/stable/deployment/kustomization.yaml index ddc949e..cc795aa 100644 --- a/deploy/overlays/stable/deployment/kustomization.yaml +++ b/deploy/overlays/stable/deployment/kustomization.yaml @@ -5,6 +5,14 @@ kind: Kustomization bases: - ../../../base/deployment +namespace: kube-system + +configMapGenerator: + - name: swisnap-k8s-configmap + behavior: merge + literals: + - SWISNAP_ENABLE_KUBERNETES_LOGS=false + images: - name: solarwinds/solarwinds-snap-agent-docker - newTag: 4.2.0-4.0.0.863 + newTag: 4.3.0-4.1.0.1024 diff --git a/deploy/overlays/stable/events-collector/kustomization.yaml b/deploy/overlays/stable/events-collector/kustomization.yaml index 806c90b..20678d2 100644 --- a/deploy/overlays/stable/events-collector/kustomization.yaml +++ b/deploy/overlays/stable/events-collector/kustomization.yaml @@ -7,4 +7,4 @@ bases: images: - name: solarwinds/solarwinds-snap-agent-docker - newTag: 4.2.0-4.0.0.863 + newTag: 4.3.0-4.1.0.1024 diff --git a/examples/event-collector-configs/kubernetes.yaml b/examples/event-collector-configs/kubernetes.yaml deleted file mode 100644 index 8fe5f38..0000000 --- a/examples/event-collector-configs/kubernetes.yaml +++ /dev/null @@ -1,18 +0,0 @@ -collector: - kubernetes: - all: - incluster: true - kubeconfigpath: "" - interval: "60s" - - events: | - # Embedded YAML (as a multiline string literal) - filters: - - namespace: default - type: normal - - grpc_timeout: 30 - -load: - plugin: snap-plugin-collector-aokubernetes - task: task-aokubernetes.yaml diff --git a/examples/event-collector-configs/logs-v2.yaml b/examples/event-collector-configs/logs-v2.yaml deleted file mode 100644 index 160de83..0000000 --- a/examples/event-collector-configs/logs-v2.yaml +++ /dev/null @@ -1,54 +0,0 @@ -v2: - collector: - logs: - all: - - sources: - ## Define common settings for Loggly or Papertrail. - common: - - ## Maximum line length to be written at once (in utf-8 characters) - ## 0 means no limit - ## 1024 is the default - #max_line_length: 1024 - - ## Tail and send logs from this host to Loggly or Papertrail. - ## Loggly and Papertrail are also from the SolarWinds DevOps Cloud Product Family Suite. - logging_service: - - ## Override the hostname used for logs reported by this agent. Defaults to the OS-provided hostname. - #hostname: "myhost" - - timeouts: - - ## A timeout for connecting to logs-accepting API - #connect: 30s - - ## A timeout for writing to logs-accepting API - #write: 30s - - ## Sign up for a Loggly account at: https://www.loggly.com - loggly: - - ## Loggly API token and host - token: "LOGGLY_TOKEN - host: "logs-01.loggly.com" - - ## Loggly API port and protocol - ## use 6514 with TLS or 514 with TCP - port: 6514 - protocol: tls - - ## Path to Loggly public CA certificate. See https://www.loggly.com/docs/rsyslog-tls-configuration/ for reference. - ## Uncomment this line if you want to use custom host certificate store. - # ca_certificate_path: /path/to/your/certificate - - ## Sign up for a Papertrail account at: https://papertrailapp.com - #papertrail: - ## Papertrail API token - #token: "PAPERTRAIL_TOKEN" - - ## Papertrail host and port details: change this to YOUR papertrail host. - #host: "HOST.papertrailapp.com" - #port: 12345 - #protocol: tls diff --git a/examples/event-collector-configs/task-aokubernetes.yaml b/examples/event-collector-configs/task-aokubernetes.yaml deleted file mode 100644 index 493ea8b..0000000 --- a/examples/event-collector-configs/task-aokubernetes.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -version: 1 - -schedule: - type: streaming - -deadline: "55s" - -workflow: - collect: - - config: - /kubernetes: - MaxCollectDuration: "2s" - MaxMetricsBuffer: 250 - - metrics: - /kubernetes/events/count: {} - /kubernetes/pod/*/*/*/status/phase/Running: {} - publish: - - plugin_name: publisher-appoptics - config: - period: 60 - floor_seconds: 60 diff --git a/examples/event-collector-configs/task-logs-k8s-events.yaml b/examples/event-collector-configs/task-logs-k8s-events.yaml new file mode 100644 index 0000000..b5ad02d --- /dev/null +++ b/examples/event-collector-configs/task-logs-k8s-events.yaml @@ -0,0 +1,38 @@ +--- +version: 2 + +schedule: + type: streaming + +plugins: + - plugin_name: k8s-events + + config: + ## Configure k8s events collection: + ## - "incluster" (defaults to false) defines if collector is running next to the k8s cluster (kubeconfigpath must be provided) or inside container. + ## - "kubeconfigpath" (defaults to for unix "~/.kube/config", for windows "%USERPROFILE%/.kube/config") defines paths to the k8s configuration if collector is running next to the k8s cluster. + ## - "filters" defines filters which will be used to get interesting events. + ## "watch_only" (defaults to true) defines if collector should watch only new events, without listing/getting stored ones. + ## Namespace default and type normal are default values for the filter. + ## Please take in mind, that collecting all events from kubernetes cluster can generate significant load, so tune your selections. + ## More about filter fields can be found here: https://documentation.solarwinds.com/en/Success_Center/appoptics/content/kb/host_infrastructure/integrations/kubernetes.htm#configuration + + incluster: true + #kubeconfigpath: "~/.kube/config" + + filters: + - namespace: default + watch_only: true + options: + fieldSelector: "type==Normal" + #- namespace: kube-system + # watch_only: true + # options: + # fieldSelector: "type==Warning" + + #tags: + # /k8s-events/[namespace=my_namespace]/string_line: + # sometag: somevalue + + publish: + - plugin_name: loggly-http-bulk diff --git a/examples/event-collector-configs/task-logs-k8s.yaml b/examples/event-collector-configs/task-logs-k8s.yaml deleted file mode 100644 index 2848446..0000000 --- a/examples/event-collector-configs/task-logs-k8s.yaml +++ /dev/null @@ -1,60 +0,0 @@ ---- -version: 2 - -schedule: - type: cron - interval: "0 * * * * *" - -plugins: - - plugin_name: logs - - metrics: - - /logs/lines_total - - /logs/lines_forwarded - - /logs/bytes_forwarded - - /logs/lines_skipped - - /logs/lines_failed - - /logs/bytes_failed - - /logs/lines_succeeded - - /logs/bytes_succeeded - - /logs/attempts_total - - /logs/failed_attempts_total - - config: - ## Define sources from which logs will be read. - sources: - - ## Define files from which logs will be read and sent to the Loggly or Papertrail. - log_files: - - ## An interval for looking for new files matching given pattern(s) - #new_file_check_interval: 30s - - ## An array of files or filename patterns to watch. - ## - ## NOTE: Be careful when attempting to handle snapteld logs - ## as those might also contain log entries of logs collector - ## to avoid infinite recurrence effect you should apply exclude pattern below by adding - ## ".*self-skip-logs-collector.*" - file_paths: - - Path: /var/log/SolarWinds/Snap/events.log - - # - Path: /var/log/*.log - # - Path: /var/log/httpd/access_log - # Tag: HTTPD Access log - - ## Provide one or more regular expressions to prevent certain files from being matched. - #exclude_files_patterns: - # - \.\d$ - # - \.bz2 - # - \.gz - - ## There may be certain log messages that you do not want to be sent. - ## These may be repetitive log lines that are "noise" that you might - ## not be able to filter out easily from the respective application. - ## To filter these lines, use exclude_patterns with an array or regexes. - exclude_lines_patterns: - - ".*self-skip-logs-collector.*" - - publish: - - plugin_name: publisher-appoptics