Refactored the fluentd-es addon #50082
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
k8s-github-robot
added
size/XXL
crassirostris
force-pushed
the
cleanup-fluentd-es
branch
2 times, most recently
from
cd11fb7 to
1f32693
Compare
crassirostris
changed the title
crassirostris
added
the
sig/instrumentation
k8s-github-robot
added
release-note
|
@crassirostris Thanks, will have a look! |
crassirostris
force-pushed
the
cleanup-fluentd-es
branch
2 times, most recently
from
2568ce9 to
b1f39fa
Compare
|
|
||
| The Elasticsearch StatefulSet will use the [EmptyDir][emptyDir] volume to | ||
| store data. This volume will be erased with the pod evictions, it is used | ||
| just for the testing purposes. |
There was a problem hiding this comment.
I would say 'just for testing purposes'.
| that by default will be 100 Gi per replica. Please adjust this to your needs (including | ||
| possibly choosing a more suitable StorageClass). | ||
|
|
||
| The Elasticsearch StatefulSet will use the [EmptyDir][emptyDir] volume to |
There was a problem hiding this comment.
It's called emptyDir rather than EmptyDir?
There was a problem hiding this comment.
It's referred as EmptyDir in the API docs (e.g. in https://kubernetes.io/docs/api-reference/v1.7/#emptydirvolumesource-v1-core)
| []() | ||
| [fluentd]: http://www.fluentd.org/ | ||
| [elasticsearch]: http://www.elasticsearch.org/ | ||
| [kibana]: https://www.elastic.co/products/elasticsearch |
There was a problem hiding this comment.
There was a problem hiding this comment.
Yeah, it's funny, I actually noticed that, but it kinda fell in the crack :D
Ack
|
|
||
| []() | ||
| [fluentd]: http://www.fluentd.org/ | ||
| [elasticsearch]: http://www.elasticsearch.org/ |
There was a problem hiding this comment.
| @@ -12,3 +12,6 @@ path.data: /data | |||
| network.host: 0.0.0.0 | |||
|
|
|||
| discovery.zen.minimum_master_nodes: ${MINIMUM_MASTER_NODES} | |||
|
|
|||
| xpack.security.enabled: false | |||
| resources: | ||
| limits: | ||
| memory: 200Mi | ||
| memory: 500Mi |
There was a problem hiding this comment.
How did you determine the new value?
There was a problem hiding this comment.
Empirically. Note that it's limit, I haven't changed the request. that's just to protect the fluentd from ruby having memory spikes
| @@ -64,3 +102,10 @@ spec: | |||
| - name: varlibdockercontainers | |||
| hostPath: | |||
| path: /var/lib/docker/containers | |||
| # It is needed to copy systemd library to decompress journals | |||
| gem 'fluent-plugin-kubernetes_metadata_filter', '~>0.27.0' | ||
| gem 'fluent-plugin-elasticsearch', '~>1.9.5' | ||
| gem 'fluent-plugin-systemd', '~>0.0.8' | ||
| gem 'fluent-plugin-prometheus', '~>0.3.0' |
|
|
||
| [fluentd]: http://www.fluentd.org/ | ||
| [elasticsearch]: http://www.elasticsearch.org/ |
There was a problem hiding this comment.
| value: /api/v1/proxy/namespaces/kube-system/services/kibana-logging | ||
| - name: XPACK_MONITORING_ENABLED | ||
| value: false | ||
| - name: XPACK_SECURITY_ENABLED |
|
@aknuds1 Thanks! I'll address it shortly |
crassirostris
force-pushed
the
cleanup-fluentd-es
branch
3 times, most recently
from
d327e29 to
68da746
Compare
|
/retest |
2 similar comments
|
/retest |
|
/retest |
| spec: | ||
| template: | ||
| metadata: | ||
| labels: | ||
| k8s-app: fluentd-es | ||
| kubernetes.io/cluster-service: "true" | ||
| version: v1.24 | ||
| version: v0.2.0 |
There was a problem hiding this comment.
why is this version going backwards?
There was a problem hiding this comment.
I decided to move to the semver, but I agree that moving 1.24 -> 0.1.24 and then updating to 0.2.0 is less intuitive than 1.24 -> 1.24.0 -> 2.0.0
I'll change the version, thanks for noticing!
|
this fixes: #41462 |
|
Thanks for reminding! |
k8s-github-robot
added
the
approved
crassirostris
force-pushed
the
cleanup-fluentd-es
branch
2 times, most recently
from
5854152 to
8dd80fa
Compare
| [X-Pack plugin][xPack]. See configuration parameter `xpack.security.enabled` | ||
| in Elasticsearch and Kibana configurations. It can also be set via | ||
| `XPACK_SECURITY_ENABLED` env variable. You can then use [ConfigMaps][configMap] | ||
| and [Secrets][secret] to set up password in Kibana and fluentd. |
There was a problem hiding this comment.
To set up credentials (rather than 'password')?
| possibly choosing a more suitable StorageClass). | ||
|
|
||
| The Elasticsearch StatefulSet will use the [EmptyDir][emptyDir] volume to | ||
| store data. This volume will be erased with the pod evictions, it is used |
There was a problem hiding this comment.
"when pods terminate" maybe instead of "with the pod evictions"?
| store data. This volume will be erased with the pod evictions, it is used | ||
| just for testing purposes. | ||
|
|
||
| **Note:** please change the storage to the persistent volume claim if you |
There was a problem hiding this comment.
Maybe say "change the storage to persistent volume claim" instead of "change the storage to the persistent volume claim"?
|
|
||
| Learn more at: https://kubernetes.io/docs/tasks/debug-application-cluster/logging-elasticsearch-kibana | ||
| **Note:** in order for Fluentd to work, every Kubernetes node must be labeled | ||
| with `beta.kubernetes.io/fluentd-ds-ready=true`, as otherwise Fluentd DaemonSet |
There was a problem hiding this comment.
I would say "the Fluentd DaemonSet".
|
@crassirostris Should you document perhaps how the Fluentd configuration must be changed in order to use credentials towards Elasticsearch? |
| [X-Pack plugin][xPack]. See configuration parameter `xpack.security.enabled` | ||
| in Elasticsearch and Kibana configurations. It can also be set via | ||
| `XPACK_SECURITY_ENABLED` env variable. You can then use [ConfigMaps][configMap] | ||
| and [Secrets][secret] to set up password in Kibana and fluentd. |
| possibly choosing a more suitable StorageClass). | ||
|
|
||
| The Elasticsearch StatefulSet will use the [EmptyDir][emptyDir] volume to | ||
| store data. This volume will be erased with the pod evictions, it is used |
| store data. This volume will be erased with the pod evictions, it is used | ||
| just for testing purposes. | ||
|
|
||
| **Note:** please change the storage to the persistent volume claim if you |
|
|
||
| Learn more at: https://kubernetes.io/docs/tasks/debug-application-cluster/logging-elasticsearch-kibana | ||
| **Note:** in order for Fluentd to work, every Kubernetes node must be labeled | ||
| with `beta.kubernetes.io/fluentd-ds-ready=true`, as otherwise Fluentd DaemonSet |
|
@aknuds1 Done, PTAL |
crassirostris
force-pushed
the
cleanup-fluentd-es
branch
from
8dd80fa to
17e25e9
Compare
|
@crassirostris On it |
|
|
||
| Since Fluentd talks to Elastcisearch service inside the cluster, instance on |
There was a problem hiding this comment.
I think it's better to word it "Since Fluentd talks to the Elasticsearch service inside the cluster, instances on masters won't work, because masters have no kube-proxy. Add a taint on your masters to avoid Fluentd pod scheduling there".
|
|
||
| Since Fluentd talks to Elastcisearch service inside the cluster, instance on | ||
| the master won't work, because there's no kube-proxy on master. Add taint on | ||
| your master to avoid Fluentd pod scheduling there. |
There was a problem hiding this comment.
Is it really necessary to taint masters, since the label beta.kubernetes.io/fluentd-ds-ready=true is already used to control the nodes on which Fluentd is scheduled?
There was a problem hiding this comment.
Makes sense actually. It's the problem of GCE setup in this repo, not a generic one. I'll rephrase
| apiVersion: extensions/v1beta1 | ||
| kind: DaemonSet | ||
| metadata: | ||
| name: fluentd-es-v1.24 | ||
| name: fluentd-es-v2.0.0 |
There was a problem hiding this comment.
Is there any point in appending the version to the name? We stopped doing this for Elasticsearch itself after all.
There was a problem hiding this comment.
I guess there is none, thanks for noticing
| apiVersion: extensions/v1beta1 | ||
| kind: DaemonSet | ||
| metadata: | ||
| name: fluentd-es-v1.24 | ||
| name: fluentd-es-v2.0.0 |
There was a problem hiding this comment.
I guess there is none, thanks for noticing
|
|
||
| Since Fluentd talks to Elastcisearch service inside the cluster, instance on |
|
|
||
| Since Fluentd talks to Elastcisearch service inside the cluster, instance on | ||
| the master won't work, because there's no kube-proxy on master. Add taint on | ||
| your master to avoid Fluentd pod scheduling there. |
There was a problem hiding this comment.
Makes sense actually. It's the problem of GCE setup in this repo, not a generic one. I'll rephrase
crassirostris
force-pushed
the
cleanup-fluentd-es
branch
from
17e25e9 to
cf997af
Compare
|
@aknuds1 this looks good to me, but I'll wait for your approval before I put a lgtm label on it |
| possibly choosing a more suitable StorageClass). | ||
|
|
||
| The Elasticsearch StatefulSet will use the [EmptyDir][emptyDir] volume to | ||
| store data. This volume will be erased when the pod terminates, it is used |
There was a problem hiding this comment.
I think this sounds more correct, as there will be several pods: "when the pods terminate".
There was a problem hiding this comment.
I wanted to say that an EmptyDir volume is erased if the pod it belongs to is restarted
There was a problem hiding this comment.
@crassirostris Aha, when reading through again it makes sense in context.
| just for testing purposes. | ||
|
|
||
| **Note:** please change the storage to persistent volume claim if you want | ||
| to use this deployment in your setup! |
There was a problem hiding this comment.
It's not a deployment though, maybe call it 'StatefulSet'?
| Since Fluentd talks to the Elasticsearch service inside the cluster, instances | ||
| on masters won't work, because masters have no kube-proxy. Don't mark masters | ||
| with a label mentioned in the previous paragraph or add a taint on them to | ||
| avoid Fluentd pods scheduling there. |
| [configMap]: https://kubernetes.io/docs/tasks/configure-pod-container/configmap/ | ||
| [secret]: https://kubernetes.io/docs/concepts/configuration/secret/ | ||
| [statefulSet]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset | ||
| [initContianer]: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ |
There was a problem hiding this comment.
initContainer, not initContianer
There was a problem hiding this comment.
Wow, thanks for catching this!
crassirostris
force-pushed
the
cleanup-fluentd-es
branch
from
cf997af to
46f53da
Compare
|
@aknuds1 Thanks! Rephrased Storage paragraph little bit |
|
/retest |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: coffeepac, crassirostris Associated issue: 41462 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
|
Automatic merge from submit-queue (batch tested with PRs 48532, 50054, 50082) |
Refactor fluentd-elasticsearch addon:
Fixes #41462
Fixes #49816
Fixes #48973
Fixes #49450
@aknuds1 @coffeepac Could you please take a look?