values.yaml
# Configurable parameters and default values for splunk-otel-collector.
# This is a YAML-formatted file.
# Declared variables will be passed into templates.
# nameOverride replaces the name of the chart when that name is used to
# construct Kubernetes object names.
nameOverride: ""
# fullnameOverride completely replaces the generated name.
fullnameOverride: ""
################################################################################
# clusterName is REQUIRED. It can be set to an arbitrary value that identifies
# your K8s cluster. The value will be associated with every trace, metric and
# log as the "k8s.cluster.name" attribute.
################################################################################
clusterName: ""
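################################################################################
# Splunk Cloud / Splunk Enterprise configuration.
################################################################################
# Specify `endpoint` and `token` in order to send data to Splunk Cloud or Splunk
# Enterprise.
# (Nesting restored: every key below belongs to `splunkPlatform`. With the
# indentation flattened these keys would parse as top-level duplicates.)
splunkPlatform:
  # Required for Splunk Enterprise/Cloud. URL to a Splunk instance to send data
  # to. e.g. "http://X.X.X.X:8088/services/collector". Setting this parameter
  # enables Splunk Platform as a destination.
  # NOTE: with a plain `http://` URL the HEC token and all telemetry cross the
  # network unencrypted; use an `https://` endpoint wherever the HEC listener
  # supports TLS.
  endpoint: ""
  # Required for Splunk Enterprise/Cloud (if `endpoint` is specified). Splunk
  # HTTP Event Collector token.
  # NOTE: this is a credential. Keep the real value out of version control and
  # supply it at deploy time.
  token: ""

  # Name of the Splunk event type index targeted. Required when ingesting logs
  # to Splunk Platform.
  index: "main"
  # Name of the Splunk metric type index targeted. Required when ingesting
  # metrics to Splunk Platform.
  metricsIndex: ""
  # Name of the Splunk event type index targeted. Required when ingesting
  # traces to Splunk Platform.
  tracesIndex: ""
  # Optional. Default value for `source` field.
  source: "kubernetes"
  # Optional. Default value for `sourcetype` field. For container logs, it will
  # be container name.
  sourcetype: ""
  # Maximum HTTP connections to use simultaneously when sending data.
  maxConnections: 200
  # Whether to disable gzip compression over HTTP. Defaults to true.
  disableCompression: true
  # HTTP timeout when sending data. Defaults to 10s.
  timeout: 10s
  # Whether to skip checking the certificate of the HEC endpoint when sending
  # data over HTTPS.
  # NOTE: keep this `false` outside of throwaway test setups. When it is `true`
  # the endpoint's identity is not validated, so the token and data can be
  # sent to an impostor; trust a private CA through `caFile` instead.
  insecureSkipVerify: false
  # The PEM-format certificate for this client.
  # NOTE(review): the original comment called this a "CA certificate"; paired
  # with `clientKey` it is presumably the client certificate - confirm against
  # the templates.
  # NOTE: The content of the certificate itself should be used here, not the
  # file path. The certificate will be stored as a secret in kubernetes.
  clientCert: ""
  # The private key for this client.
  # NOTE: The content of the key itself should be used here, not the file path.
  # The key will be stored as a secret in kubernetes.
  # Treat the values file that carries it as sensitive as the key itself.
  clientKey: ""
  # The PEM-format CA certificate file.
  # NOTE: The content of the file itself should be used here, not the file path.
  # The file will be stored as a secret in kubernetes.
  caFile: ""

  # Options to disable or enable particular telemetry data types that will be
  # sent to Splunk Platform. Only logs collection is enabled by default.
  logsEnabled: true
  # If you enable metrics collection, make sure that `metricsIndex` is provided
  # as well.
  metricsEnabled: false
  # If you enable traces collection, make sure that `tracesIndex` is provided
  # as well.
  tracesEnabled: false
  # Field name conventions to use. (Only for those who are migrating from
  # Splunk Connect for Kubernetes helm chart)
  fieldNameConvention:
    # Boolean for renaming pod metadata fields to match the Splunk Connect for
    # Kubernetes helm chart.
    renameFieldsSck: false
    # Boolean for keeping the Otel convention fields after renaming them.
    keepOtelConvention: true

  # Refer to https://github.com/open-telemetry/opentelemetry-collector/blob/main/exporter/exporterhelper/README.md#configuration
  # for detailed examples
  retryOnFailure:
    enabled: true
    # Time to wait after the first failure before retrying; ignored if enabled
    # is false
    initialInterval: 5s
    # The upper bound on backoff; ignored if enabled is false
    maxInterval: 30s
    # The maximum amount of time spent trying to send a batch; ignored if
    # enabled is false
    maxElapsedTime: 300s

  sendingQueue:
    enabled: true
    # Number of consumers that dequeue batches; ignored if enabled is false
    numConsumers: 10
    # Maximum number of batches kept in memory before dropping; ignored if
    # enabled is false.
    # User should calculate this as num_seconds * requests_per_second where:
    #   num_seconds is the number of seconds to buffer in case of a backend
    #   outage
    #   requests_per_second is the average number of requests per second.
    queueSize: 5000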
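################################################################################
# Splunk Observability configuration
################################################################################
# Specify `realm` and `accessToken` to send telemetry data to Splunk
# Observability Cloud.
# (Nesting restored: every key below belongs to `splunkObservability`.)
splunkObservability:
  # Required for Splunk Observability. Splunk Observability realm to send
  # telemetry data to. Setting this parameter enables Splunk Observability as a
  # destination.
  realm: ""
  # Required for Splunk Observability (if `realm` is specified). Splunk
  # Observability org access token.
  # NOTE: this is a credential. Keep the real value out of version control and
  # supply it at deploy time.
  accessToken: ""

  # Optional. Splunk Observability ingest URL, default:
  # "https://ingest.<realm>.signalfx.com".
  ingestUrl: ""
  # Optional. Splunk Observability API URL, default:
  # "https://api.<realm>.signalfx.com".
  # NOTE: both defaults are `https://`; an override should keep TLS, since the
  # access token is sent to these URLs.
  apiUrl: ""

  # Options to disable or enable particular telemetry data types.
  metricsEnabled: true
  tracesEnabled: true
  logsEnabled: false

  # Option to send Kubernetes events to Splunk Observability Infrastructure
  # Monitoring as data events:
  # https://docs.splunk.com/Observability/alerts-detectors-notifications/view-data-events.html
  # To send Kubernetes events to Splunk Observability Log Observer, configure
  # clusterReceiver.k8sObjects and set splunkObservability.logsEnabled to true.
  infrastructureMonitoringEventsEnabled: false

  # This option just enables the shared pipeline for logs and profiling data.
  # There is no active collection of profiling data.
  # Instrumentation libraries must be configured to send it to the collector.
  # If you don't use AlwaysOn Profiling for Splunk APM, you can disable it.
  profilingEnabled: false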
################################################################################
# Logs collection engine:
# - `fluentd`: deploy a fluentd sidecar that will collect logs and send them to
#   the otel-collector agent for further processing.
# - `otel`: utilize native OpenTelemetry log collection.
#
# Change it to `otel` to get higher throughput performance and avoid installing
# an extra container for fluentd.
################################################################################
logsEngine: fluentd
################################################################################
# Cloud provider, if any, the collector is running on. Leave empty for none/other.
# - "aws" (Amazon Web Services)
# - "gcp" (Google Cloud Platform)
# - "azure" (Microsoft Azure)
################################################################################
cloudProvider: ""
################################################################################
# Kubernetes distribution being run. Leave empty for other.
# - "aks" (Azure Kubernetes Service)
# - "eks" (Amazon Elastic Kubernetes Service)
# - "eks/fargate" (Amazon Elastic Kubernetes Service with Fargate profiles)
# - "gke" (Google Kubernetes Engine / Standard mode)
# - "gke/autopilot" (Google Kubernetes Engine / Autopilot mode)
# - "openshift" (RedHat OpenShift)
################################################################################
distribution: ""
################################################################################
# Optional "environment" parameter that will be added to all the telemetry
# data (traces/logs/metrics) as an attribute. It will allow Splunk Observability
# users to investigate data coming from different sources separately.
################################################################################
# environment: production
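################################################################################
# Optional: Automatic detection of additional metric sources.
# Set autodetect.prometheus=true if you want the otel-collector agent to scrape
# prometheus metrics from pods that have prometheus-style annotations like
# "prometheus.io/scrape".
# Set autodetect.istio=true in istio environment.
################################################################################
# (Nesting restored: `prometheus` and `istio` are children of `autodetect`.)
autodetect:
  prometheus: false
  istio: false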
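################################################################################
# Optional: Configuration for additional metadata that will be added to all the
# telemetry as extra attributes.
# IMPORTANT: Additional attributes configured with `fromLabels` and
# `fromAttributes` options are only applied to traces and logs. Pod labels are
# always sent to Splunk Observability (if enabled) as metric properties.
################################################################################
# (Nesting restored: every key below belongs to `extraAttributes`.)
extraAttributes:
  # Labels that will be collected from k8s pods (or namespaces) (in case they
  # are set) and added as extra attributes to the telemetry in the following
  # format:
  #   k8s.<pod|namespace>.labels.<label_name>: <label_value>
  # For example, if you want to collect "my_key" label from your namespaces,
  # you could use the following:
  # fromLabels:
  #   - key: my_key
  #     from: namespace
  #
  # If you want to change the default attribute name
  # `k8s.pod.labels.<label_name>`, you could do that using a `tag_name` field:
  # fromLabels:
  #   - key: my_key
  #     tag_name: my_tag
  #     from: pod
  #
  # `key_regex` field can be used to get a specific set of labels that match a
  # regex. If `key_regex` is used, the `key` field accepts regexp matching
  # groups.
  # The following example will fetch all the pod labels and propagate them to
  # the attributes as is, without "k8s.pod.labels." prefix. "$" from the
  # matching group must be escaped as "$$".
  # fromLabels:
  #   - key_regex: (.*)
  #     from: pod
  #     tag_name: "$$1"
  # NOTE: a catch-all regex copies every label value into the telemetry sent
  # to the backend; prefer listing the specific keys you need.
  fromLabels:
    - key: app

  # Annotations that will be collected from k8s pods (or namespaces) (in case
  # they are set) and added as extra attributes to the telemetry in the
  # following format:
  #   k8s.<pod|namespace>.annotations.<annotation_name>: <annotation_value>
  # fromAnnotations uses the same extraction rules as the fromLabels option, so
  # refer to the examples given for fromLabels.
  fromAnnotations: []

  # List of hardcoded key/value pairs that will be added as attributes to
  # all the telemetry.
  custom: []
  # - name: "account_id"
  #   value: "1234567890"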
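################################################################################
# OPTIONAL CONFIGURATIONS OF PARTICULAR O11Y COLLECTOR COMPONENTS
################################################################################
################################################################################
# Open-telemetry collector running as a daemonset agent on every node.
# It collects metrics and traces and sends them to Signalfx backend.
################################################################################
# (Nesting restored: every key below belongs to `agent`. With the indentation
# flattened, the repeated `enabled`/`containerPort`/`hostPort` keys would
# collide at the top level.)
agent:
  enabled: true

  # Metric collection from k8s control plane components.
  # For control plane configuration details see:
  # docs/advanced-configuration.md#control-plane-metrics
  controlPlaneMetrics:
    apiserver:
      # Specifies whether to collect apiserver metrics.
      enabled: true
    controllerManager:
      # Specifies whether to collect controller manager metrics.
      enabled: true
    coredns:
      # Specifies whether to collect coredns metrics.
      enabled: true
    etcd:
      # Specifies whether to collect etcd metrics.
      # For details on setting up etcd metrics see:
      # docs/advanced-configuration.md#setting-up-etcd-metrics
      enabled: false
      secret:
        # The name of the secret the helm chart will create (if name is empty
        # the default name is used) or the name of a secret that the user
        # created (empty names are not valid for user created secrets).
        name: ""
        # Option for creating a new secret or using an existing one.
        # When secret.create=true, a new kubernetes secret will be created by
        # the helm chart that will contain the values from clientCert,
        # clientKey, and caFile.
        # When secret.create=false, the user must set secret.name to a name of
        # a k8s secret the user created.
        # NOTE: with secret.create=false the key material never has to appear
        # in a values file.
        create: false
        # Used when secret.create=true. The PEM-format certificate for the
        # etcd client.
        # NOTE(review): the original comment called this a "CA certificate";
        # paired with `clientKey` it is presumably the client certificate -
        # confirm against the templates.
        # NOTE: The content of the certificate itself should be used here, not
        # the file path. The certificate will be stored as a secret in
        # kubernetes.
        clientCert: ""
        # Used when secret.create=true. The private key for the etcd client.
        # NOTE: The content of the key itself should be used here, not the
        # file path. The key will be stored as a secret in kubernetes.
        clientKey: ""
        # Optional. Used when secret.create=true and skipVerify=false. The
        # PEM-format CA certificate file.
        # NOTE: The content of the file itself should be used here, not the
        # file path. The file will be stored as a secret in kubernetes.
        caFile: ""
      # Specifies whether verification of etcd's TLS cert is skipped. If set
      # to false, a CA certificate must be made available as part of the etcd
      # secret to verify the TLS cert with.
      # NOTE: the default `true` means the etcd endpoint's certificate is not
      # checked. Set it to false and provide `caFile` when etcd metrics are
      # enabled in an environment where that matters.
      skipVerify: true
    proxy:
      # Specifies whether to collect proxy metrics.
      enabled: true
    scheduler:
      # Specifies whether to collect scheduler metrics.
      enabled: true

  # The ports to be exposed by the agent to the host.
  # Make sure that only necessary ports are exposed, <hostIP, hostPort,
  # protocol> combination must be unique across all the nodes in k8s cluster.
  # Any port can be disabled.
  # For example to disable zipkin ports set `agent.ports.zipkin: null`.
  # NOTE: an entry with `hostPort` is bound on the node itself, so it is
  # reachable by anything that can reach the node's address, not only by pods
  # scheduled on that node. No authentication for these receivers is
  # configured in this file; limit access with node-level firewall rules and
  # set the ports you do not use to null.
  ports:
    otlp:
      containerPort: 4317
      hostPort: 4317
      protocol: TCP
      enabled_for: [traces, metrics, logs, profiling]
    otlp-http:
      containerPort: 4318
      protocol: TCP
      enabled_for: [metrics, traces, logs, profiling]
    otlp-http-old:
      containerPort: 55681
      protocol: TCP
      enabled_for: [metrics, traces, logs]
    sfx-forwarder:
      containerPort: 9080
      hostPort: 9080
      protocol: TCP
      enabled_for: [traces]
    zipkin:
      containerPort: 9411
      hostPort: 9411
      protocol: TCP
      enabled_for: [traces]
    jaeger-thrift:
      containerPort: 14268
      hostPort: 14268
      protocol: TCP
      enabled_for: [traces]
    jaeger-grpc:
      containerPort: 14250
      hostPort: 14250
      protocol: TCP
      enabled_for: [traces]
    fluentforward:
      containerPort: 8006
      hostPort: 8006
      protocol: TCP
      enabled_for: [logs]
    signalfx:
      containerPort: 9943
      hostPort: 9943
      protocol: TCP
      enabled_for: [metrics]

  resources:
    limits:
      cpu: 200m
      # This value is being used as a source for default memory_limiter
      # processor configurations
      memory: 500Mi

  # To collect container logs and journald logs, it will run the agent as a
  # root user.
  # To run it as non root user, uncomment below `securityContext` options.
  # Setting runAsUser and runAsGroup to a non root user enables an init
  # container that patches group permissions of container logs directories on
  # the host filesystem to make logs readable by this non root user.
  # NOTE: the empty default therefore means the agent runs as root; the
  # non-root option trades that for a change to host directory permissions.
  securityContext: {}
  #   runAsUser: 20000
  #   runAsGroup: 20000

  # Specifies DaemonSet update strategy.
  # Possible values: "OnDelete" and "RollingUpdate".
  updateStrategy: RollingUpdate
  # Specifies the maximum number of pods that can be unavailable during the
  # update process.
  # Applicable only when updateStrategy is set to "RollingUpdate".
  # Can be an absolute number or a percentage. The default is 1.
  maxUnavailable: 1

  # OTel agent annotations
  annotations: {}
  podAnnotations: {}

  # OTel agent extra pod labels
  podLabels: {}

  # Extra environment variables to be set in the OTel agent container
  extraEnvs: []

  # Extra volumes to be mounted to the agent daemonset.
  # The volumes will be available for both OTel agent and fluentd containers.
  extraVolumes: []
  extraVolumeMounts: []

  # Enable or disable features of the agent.
  featureGates: ""

  # OpenTelemetry Collector configuration for otel-agent daemonset can be
  # overridden in this field.
  # Default configuration defined in templates/config/_otel-agent.tpl
  # Any additional fields will be merged into the defaults,
  # existing fields can be disabled by setting them to null value.
  config: {}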
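################################################################################
# OpenTelemetry Kubernetes cluster receiver
# This is an extra 1-replica deployment of Open-telemetry collector used
# specifically for collecting metrics from kubernetes API.
################################################################################
# Cluster receiver collects cluster level metrics from the Kubernetes API.
# It has to be running on one pod, so it uses its own dedicated deployment with
# 1 replica.
# (Nesting restored: every key below belongs to `clusterReceiver`.)
clusterReceiver:
  enabled: true

  # Needs to be adjusted based on the size of the monitored cluster
  resources:
    limits:
      cpu: 200m
      memory: 500Mi

  # Scheduling configurations
  nodeSelector: {}
  tolerations: []
  affinity: {}

  # Pod configurations
  securityContext: {}
  terminationGracePeriodSeconds: 600
  priorityClassName: ""

  # k8s cluster receiver collector annotations
  annotations: {}
  podAnnotations: {}

  # This flag enables Kubernetes events collection using OpenTelemetry
  # Kubernetes Events Receiver
  # https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/k8seventsreceiver
  # This option requires `logsEnabled` to be set to `true` for either
  # `splunkObservability` or `splunkPlatform` depending on where you want to
  # send the events. Otherwise this option will not have any effect.
  # The receiver currently is in alpha state which means that events format
  # might change over time.
  # Once the receiver is stabilized, it'll be enabled by default in this helm
  # chart
  eventsEnabled: false

  # Kubernetes objects collection using OpenTelemetry Kubernetes Object Receiver
  # https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/k8sobjectsreceiver
  # This option requires `logsEnabled` to be set to `true` for either
  # `splunkObservability` or `splunkPlatform` depending on where you want to
  # send the events. Otherwise, this option will not have any effect.
  # The receiver currently is in alpha state which means that events format
  # might change over time.
  # Once the receiver is stabilized, it'll be enabled by default in this helm
  # chart
  #
  # == Schema ==
  # ```
  # k8sObjects:
  #   - <objectDefinition>
  # ```
  # Each `objectDefinition` has the following fields:
  # * mode:
  #     define in which way it collects this type of object, either "pull" or
  #     "watch".
  #     - "pull" mode will read all objects of this type using the list API at
  #       an interval. Default mode.
  #     - "watch" mode will set up a long connection using the watch API to
  #       just get updates.
  # * name: [REQUIRED]
  #     name of the object, e.g. `pods`, `namespaces`.
  # * namespace:
  #     only collects objects from the specified namespace, by default it's
  #     all namespaces
  # * labelSelector:
  #     select objects by label(s)
  # * fieldSelector:
  #     select objects by field(s)
  # * interval:
  #     the interval at which object is pulled, default 60 seconds.
  #     Only useful for "pull" mode.
  #
  # NOTE(review): the schema above spells the fields `namespace`,
  # `labelSelector` and `fieldSelector`, while the example below uses
  # `namespaces`, `label_selector` and `field_selector` - confirm the accepted
  # spelling against the receiver documentation linked below.
  #
  # == Example ==
  # ```
  # k8sObjects:
  #   - name: pods
  #     mode: pull
  #     label_selector: environment in (production),tier in (frontend)
  #     field_selector: status.phase=Running
  #     interval: 15m
  #   - name: events
  #     mode: watch
  #     group: events.k8s.io
  #     namespaces: [default]
  # ```
  #
  # The configuration format in details is described here:
  # https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/k8sobjectsreceiver
  #
  # NOTE(review): collected objects presumably reach the logs destination in
  # full, so list only object types whose contents you are willing to store
  # there, and narrow with namespace/selectors where possible.
  k8sObjects: []

  # k8s cluster receiver extra pod labels
  podLabels: {}

  # Extra environment variables to be set in the OTel Cluster Receiver container
  extraEnvs: []

  # Extra volumes to be mounted to the k8s cluster receiver container.
  extraVolumes: []
  extraVolumeMounts: []

  # Enable or disable features of the cluster receiver.
  featureGates: ""

  # OpenTelemetry Collector configuration for K8s Cluster Receiver deployment
  # can be overridden in this field.
  # Default configuration defined in
  # templates/config/_otel-k8s-cluster-receiver-config.tpl
  # Any additional fields will be merged into the defaults,
  # existing fields can be disabled by setting them to null value.
  config: {}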
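#################################################################
# Native OpenTelemetry logs collection using
# https://github.com/open-telemetry/opentelemetry-log-collection.
# Disabled by default in favor of fluentd.
#################################################################
# (Nesting restored: every key below belongs to `logsCollection`.)
logsCollection:

  # Container logs collection
  containers:
    enabled: true
    # Container runtime. One of `docker`, `cri-o`, or `containerd`
    # Automatically discovered if not set.
    containerRuntime: ""
    # Paths of logfiles to exclude. object type is array:
    # i.e. to exclude `kube-system` namespace,
    # excludePaths: ["/var/log/pods/kube-system_*/*/*.log"]
    excludePaths: []
    # Boolean for excluding the agent's own logs from ingestion.
    # NOTE(review): the original comment read "Boolean for ingesting the
    # agent's own log"; going by the key name, `true` excludes them - confirm
    # against the templates.
    excludeAgentLogs: true
    # Extra operators for container logs.
    # https://github.com/open-telemetry/opentelemetry-log-collection/blob/main/docs/operators/README.md#what-operators-are-available
    extraOperators: []
    # Multiline logs processing configuration. Multiline logs that are written
    # by containers to stdout are usually broken down into several one-line
    # logs and can be reconstructed with a regex expression that matches the
    # first line of each logs batch. The following operator is being utilized
    # for this purpose:
    # https://github.com/open-telemetry/opentelemetry-log-collection/blob/main/docs/operators/recombine.md
    # By the time of reconstructing a multiline log the following information
    # is available to identify source of the logs: namespace, pod and
    # container names. At least one source identifier has to be specified for
    # each multiline config.
    # The following example shows how to set up multiline log processing for
    # logs having subsequent log lines written with an offset. Let's say a k8s
    # deployment called "buttercup-app" is scheduled to run in "default"
    # namespace with a java container called "server", and the container
    # produces the following log example:
    # .........
    # Exception in thread "main" java.lang.NumberFormatException: For input string: "3.1415"
    #     at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
    #     at java.lang.Integer.parseInt(Integer.java:580)
    #     at ExampleCli.parseNumericArgument(ExampleCli.java:47)
    #     at ExampleCli.parseCliOptions(ExampleCli.java:27)
    #     at ExampleCli.main(ExampleCli.java:11)
    # .........
    # The following sample configuration will handle multiline logs from that
    # specific container:
    # multilineConfigs:
    #   - namespaceName:
    #       value: default
    #     podName:
    #       value: buttercup-app-.*
    #       useRegexp: true
    #     containerName:
    #       value: server
    #     firstEntryRegex: ^[^\s].*
    multilineConfigs: []
    # Set useSplunkIncludeAnnotation flag to `true` to collect logs only from
    # pods with the `splunk.com/include: true` annotation.
    # All other logs will be ignored.
    useSplunkIncludeAnnotation: false

  # Configuration for collecting journald logs using otel collector
  journald:
    enabled: false
    # Please update directory path for journald if it's different from below
    # default value "/var/log/journal"
    directory: /var/log/journal
    # List of service units to collect journald logs for and configuration for
    # each.
    units:
      - name: kubelet
        priority: info
      - name: docker
        priority: info
      - name: containerd
        priority: info
    # Route journald logs to their own Splunk index by specifying the index
    # value below, else leave it blank. Please make sure the index exists in
    # Splunk and is configured to receive HEC traffic. Not applicable to
    # Splunk Observability.
    index: ""

  checkpointPath: "/var/addon/splunk/otel_pos"

  # Files on k8s nodes to tail.
  # Make sure to configure volume mounts properly at `agent.extraVolumes` and
  # `agent.extraVolumeMounts`.
  # NOTE: each path added here needs a matching host volume mount; mount only
  # the directory that holds the file rather than a broad parent such as
  # /var/log where that is avoidable.
  extraFileLogs: {}
  # Sample configuration to collect Audit logs. Please note hostPath can vary
  # depending on the audit-policy.yaml configuration.
  # NOTE: depending on the audit policy level, audit records can include
  # request and response bodies; check what the policy captures before
  # forwarding them and restrict access to the receiving index.
  # extraFileLogs:
  #   filelog/audit-log:
  #     include: [/var/log/kubernetes/apiserver/audit.log]
  #     start_at: beginning
  #     include_file_path: true
  #     include_file_name: false
  #     resource:
  #       com.splunk.source: /var/log/kubernetes/apiserver/audit.log
  #       host.name: 'EXPR(env("K8S_NODE_NAME"))'
  #       com.splunk.sourcetype: kube:apiserver-audit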
################################################################################
# Fluentd sidecar configuration for logs collection.
# As of now, this is the recommended way to collect k8s logs,
# but it will be replaced by the native otel logs collection soon.
################################################################################
fluentd:
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 100m
memory: 200Mi
# NOTE: UID 0 is root, so with this default the fluentd container runs as root.
securityContext:
runAsUser: 0
# Extra environment variables to be set in the FluentD container
extraEnvs: []
config:
# Configurations for container logs
containers:
# Path to root directory of container logs
path: /var/log
# Final volume destination of container log symlinks
pathDest: /var/lib/docker/containers
# Log format type, "json" or "cri".
# If omitted (default), the value is detected automatically based on container runtime.
# "json" is set if docker runtime detected, otherwise it defaults to "cri".
logFormatType: ""
# Specify the log format for "cri" logFormatType
# It can be "%Y-%m-%dT%H:%M:%S.%N%:z" for openshift and "%Y-%m-%dT%H:%M:%S.%NZ" for IBM IKS
criTimeFormat: "%Y-%m-%dT%H:%M:%S.%N%:z"
# Directory from which to read journald logs (docker daemon logs, kubelet logs, and any other specified service logs).
journalLogPath: /run/log/journal
# Controls the output buffer for the fluentd daemonset
# Note that, for a memory buffer, if `resources.limits.memory` is set,
# the total buffer size should not be bigger than the memory limit; it should
# also leave room for the basic memory usage of fluentd itself.
# All buffer parameters (except Argument) defined in
# https://docs.fluentd.org/v1.0/articles/buffer-section#parameters
# can be configured here.
buffer:
"@type": memory
total_limit_size: 600m
chunk_limit_size: 1m
chunk_limit_records: 100000
flush_interval: 5s
flush_thread_count: 1
overflow_action: block
retry_max_times: 3
# logLevel is to set log level of the Splunk log collector.
# Available values are: trace, debug, info, warn, error
logLevel: info
# path of logfiles, default /var/log/containers/*.log
path: /var/log/containers/*.log
# paths of logfiles to exclude. object type is array as per fluentd specification:
# https://docs.fluentd.org/input/tail#exclude_path
excludePath: []
# - /var/log/containers/kube-svc-redirect*.log
# - /var/log/containers/tiller*.log
# Prefix for pos_file tail source parameter
# Can be used if you want to run multiple instances of fluentd on the same host
# https://docs.fluentd.org/input/tail#pos_file-highly-recommended
posFilePrefix: /var/log/splunk-fluentd
# `customFilters` defines the custom filters to be used.
# This section can be used to define custom filters using plugins like https://github.com/splunk/fluent-plugin-jq
# It's also possible to use other filters like https://www.fluentd.org/plugins#filter
#
# The scheme to define a custom filter is:
#
# ```
# <name>:
# tag: <fluentd tag for the filter>
# type: <fluentd filter type>
# body: <definition of the fluentd filter>
# ```
#
# = fluentd tag for the filter =
# This is the fluentd tag for the record
#
# = fluentd filter type =
# This is the fluentd filter that the user wants to use for record manipulation.
#
# = definition of the fluentd filter =
# This defines the body/logic for using the filter for record manipulation.
#
# For example, if you want to define a filter which sets the cluster_name field to "my_awesome_cluster", you would use the following filter:
# <filter tail.containers.**>
# @type jq_transformer
# jq '.record.cluster_name = "my_awesome_cluster" | .record'
# </filter>
# This can be defined in the customFilters section as follows:
# ```
# customFilters:
# NamespaceSourcetypeFilter:
# tag: tail.containers.**
# type: jq_transformer
# body: jq '.record.cluster_name = "my_awesome_cluster" | .record'
# ```
customFilters: {}
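# `logs` defines the source of logs, multiline support, and their sourcetypes.
#
# The scheme to define a log is:
#
# ```
# <name>:
#   from:
#     <source>
#   timestampExtraction:
#     regexp: "<regexp_to_extract_timestamp_from_log>"
#     format: "<format_of_the_timestamp>"
#   multiline:
#     firstline: "<regexp_to_detect_firstline_of_multiline>"
#     flushInterval: 5s
#   sourcetype: "<sourcetype_of_logs>"
# ```
#
# = <source> =
# It supports 3 kinds of sources: journald, file, and container.
# For `journald` logs, `unit` is required for filtering using _SYSTEMD_UNIT, example:
# ```
# docker:
#   from:
#     journald:
#       unit: docker.service
# ```
#
# For `file` logs, `path` is required to specify where the log files are. Log files are expected in `/var/log`, example:
# ```
# docker:
#   from:
#     file:
#       path: /var/log/docker.log
# ```
#
# For `container` logs, `pod` field is required. It represents part of
# the pod name, can be name of a deployment or replica set. Use "*" to
# apply the configuration to all pods. Optional `container` value can be
# used to apply configuration to a particular container.
# ```
# kube-apiserver:
#   from:
#     pod: kube-apiserver
#
# etcd:
#   from:
#     pod: etcd-server
#     container: etcd-container
# ```
#
# = timestamp =
# `timestampExtraction` defines how to extract timestamp from logs. This *only* works for `file` source.
# To use `timestampExtraction` you need to define both:
# - `regexp`: the Regular Expression used to find the timestamp from a log entry.
#   The timestamp part must be in a `time` named group. E.g.
#   (?<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})
# - `format`: a format string that defines how to parse the timestamp, e.g. "%Y-%m-%d %H:%M:%S".
#   More details can be found at: http://ruby-doc.org/stdlib-2.5.0/libdoc/time/rdoc/Time.html#method-c-strptime
#
# = multiline =
# `multiline` options provide basic multiline support. Two options:
# - `firstline`: a Regular Expression used to detect the first line of a multiline log.
# - `flushInterval`: The interval between data flushes, default value: 5s.
#
# = sourcetype =
# sourcetype of each kind of log can be defined using the `sourcetype` field.
# If `sourcetype` is not defined, `name` will be used.
#
# NOTE(review): `regexp` and `firstline` are matched against log content, which
# workloads can influence; prefer simple, bounded patterns when adding entries.
#
# ---
# Here we have some default timestampExtraction and multiline settings for kubernetes components.
# So, usually you just need to redefine the source of those components if necessary.
logs:
  docker:
    from:
      journald:
        unit: docker.service
    timestampExtraction:
      # The dot before the fractional seconds is escaped so that it matches a
      # literal ".", as in the etcd patterns below.
      regexp: time="(?<time>\d{4}-\d{2}-\d{2}T[0-2]\d:[0-5]\d:[0-5]\d\.\d{9}Z)"
      format: "%Y-%m-%dT%H:%M:%S.%NZ"
    sourcetype: kube:docker
  # `&glog` anchors the kubelet entry; the entries that use `<<: *glog` below
  # merge it in and override `from` and `sourcetype`.
  kubelet: &glog
    from:
      journald:
        unit: kubelet.service
    timestampExtraction:
      regexp: \w(?<time>[0-1]\d[0-3]\d [^\s]*)
      format: "%m%d %H:%M:%S.%N"
    multiline:
      firstline: /^\w[0-1]\d[0-3]\d/
    sourcetype: kube:kubelet
  etcd:
    from:
      pod: etcd-server
      container: etcd-container
    timestampExtraction:
      regexp: (?<time>\d{4}-\d{2}-\d{2} [0-2]\d:[0-5]\d:[0-5]\d\.\d{6})
      format: "%Y-%m-%d %H:%M:%S.%N"
  etcd-minikube:
    from:
      pod: etcd-minikube
      container: etcd
    timestampExtraction:
      regexp: (?<time>\d{4}-\d{2}-\d{2} [0-2]\d:[0-5]\d:[0-5]\d\.\d{6})
      format: "%Y-%m-%d %H:%M:%S.%N"
  etcd-events:
    from:
      pod: etcd-server-events
      container: etcd-container
    timestampExtraction:
      regexp: (?<time>\d{4}-[0-1]\d-[0-3]\d [0-2]\d:[0-5]\d:[0-5]\d\.\d{6})
      format: "%Y-%m-%d %H:%M:%S.%N"
  kube-apiserver:
    <<: *glog
    from:
      pod: kube-apiserver
    sourcetype: kube:kube-apiserver
  kube-scheduler:
    <<: *glog
    from:
      pod: kube-scheduler
    sourcetype: kube:kube-scheduler
  kube-controller-manager:
    <<: *glog
    from:
      pod: kube-controller-manager
    sourcetype: kube:kube-controller-manager
  kube-proxy:
    <<: *glog
    from:
      pod: kube-proxy
    sourcetype: kube:kube-proxy
  kubedns:
    <<: *glog
    from:
      pod: kube-dns
    sourcetype: kube:kubedns
  dnsmasq:
    <<: *glog
    from:
      pod: kube-dns
    sourcetype: kube:dnsmasq
  dns-sidecar:
    <<: *glog
    from:
      pod: kube-dns
      container: sidecar
    sourcetype: kube:kubedns-sidecar
  dns-controller:
    <<: *glog
    from:
      pod: dns-controller
    sourcetype: kube:dns-controller
  kube-dns-autoscaler:
    <<: *glog
    from:
      pod: kube-dns-autoscaler
      container: autoscaler
    sourcetype: kube:kube-dns-autoscaler
  # NOTE(review): API server audit events can carry sensitive request details;
  # presumably this sourcetype should go to an index with restricted access.
  kube-audit:
    from:
      file:
        path: /var/log/kube-apiserver-audit.log
    timestampExtraction:
      format: "%Y-%m-%dT%H:%M:%SZ"
    sourcetype: kube:apiserver-audit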
################################################################################
# Docker image configuration
################################################################################
image:
  # Secrets to attach to the respective serviceaccount to pull docker images
  imagePullSecrets: []
  fluentd:
    # The registry and name of the fluentd image to pull
    repository: splunk/fluentd-hec
    # The tag of the fluentd image to pull
    tag: 1.2.8
    # The policy that specifies when the user wants the fluentd images to be pulled
    pullPolicy: IfNotPresent
  otelcol:
    # The registry and name of the opentelemetry collector image to pull
    repository: quay.io/signalfx/splunk-otel-collector
    # The tag of the Splunk OTel Collector image, default value is the chart appVersion
    tag: ""
    # The policy that specifies when the user wants the opentelemetry collector images to be pulled
    pullPolicy: IfNotPresent
  # Image to be used by init container that patches log directories on the host, so the collector can read from them as a non-root user.
  # Effective only if `agent.securityContext.runAsUser` and `agent.securityContext.runAsGroup` are set to non-zero values.
  # NOTE(review): this init container modifies directories on the host, so its
  # image should be held to the same trust and review standard as the collector image.
  initPatchLogDirs:
    # The registry and name of the Universal Base Image 9 image to pull
    repository: registry.access.redhat.com/ubi9/ubi
    # The tag of the Universal Base Image 9, default value is latest.
    # `latest` is a mutable tag: together with `pullPolicy: IfNotPresent`, nodes
    # that pulled at different times can run different image contents. Set an
    # explicit tag for reproducible, reviewable deployments.
    tag: ""
    # The policy that specifies when the user wants the Universal Base images to be pulled
    pullPolicy: IfNotPresent
################################################################################
# Extra system configuration
################################################################################
## Limits how many pods may be unavailable due to voluntary disruptions.
## https://kubernetes.io/docs/tasks/run-application/configure-pdb/
## The default `{}` sets neither of the fields shown below; to use them, replace
## `{}` with a mapping that contains the desired key.
podDisruptionBudget: {}
  # Minimum number of pods (as a number or percentage) that must remain available.
  # minAvailable:
  # Maximum number of pods (as a number or percentage) that can be unavailable.
  # maxUnavailable:
serviceAccount:
  # Specifies whether a ServiceAccount should be created.
  create: true
  # The name of the ServiceAccount to use.
  # If not set and create is true, a name is generated using the fullname template.
  # NOTE(review): with `create: false` and a name set, the pods presumably run
  # under that existing ServiceAccount and inherit whatever roles are bound to
  # it — confirm it is not broader than the collector needs.
  name: ""
  # Service account annotations
  annotations: {}
rbac:
  # Create or use existing RBAC resources
  create: true
  # Specifies additional rules that will be added to the clusterRole.
  # Rules in a clusterRole are not confined to a single namespace, so keep any
  # additions to the narrowest apiGroups, resources and verbs that are required.
  customRules: []
# Create the secret or use an existing one. If `name` is empty, the default name is used.
# NOTE(review): with `create: false` the chart presumably expects a secret that
# already exists under `name`, which keeps credentials out of the values file —
# confirm against the chart documentation.
secret:
  create: true
  name: ""
  # Specifies whether secret provided by user should be validated.
  validateSecret: true
# These default tolerations allow the daemonset to be deployed on master nodes,
# so that we can also collect logs and metrics from those nodes.
tolerations:
  - key: node-role.kubernetes.io/master
    effect: NoSchedule
# Defines which nodes should be selected to deploy the o11y collector daemonset.
nodeSelector: {}
# Termination grace period in seconds; presumably applied to the chart's pods —
# confirm against the templates.
terminationGracePeriodSeconds: 600
# Defines node affinity to restrict deployment of the o11y collector daemonset.
affinity: {}
# Defines priorityClassName to assign a priority class to pods.
priorityClassName: ""
# `initialDelaySeconds` tells the kubelet how many seconds to wait before performing the first probe.
# A delay is required if you are using Windows worker nodes.
# A 60-second window is recommended, but the right value depends on the cluster specification.
# The default below is 0, i.e. no delay.
readinessProbe:
  initialDelaySeconds: 0
livenessProbe:
  initialDelaySeconds: 0
# Specifies whether the chart is applied to a k8s cluster with Windows worker nodes.
isWindows: false
# OpenShift SecurityContextConstraints can be overridden in this field.
# These fields will be merged into the default config that can be found at
# https://github.com/signalfx/splunk-otel-collector-chart/blob/main/helm-charts/splunk-otel-collector/templates/securityContextConstraints.yaml
# NOTE: This config will only be used when distribution=openshift
# NOTE(review): because these fields are merged into the chart's default SCC,
# an override can relax it; compare any change against the default linked above
# before applying it.
securityContextConstraintsOverwrite: {}
################################################################################
# OpenTelemetry "collector" k8s deployment configuration.
# This is an additional deployment of the OpenTelemetry collector that can be used
# to pass traces through it, enrich them with k8s metadata and batch them.
# Another use case is to point tracing instrumentation libraries directly to
# the collector endpoint instead of local agents. The collector running in the
# passthrough mode is recommended for large k8s clusters, disabled by default.
################################################################################
gateway:
# Defines if collector deployment is enabled
# Recommended for large k8s clusters, disabled by default.
enabled: false
# Number of collector replicas
replicaCount: 3
# The ports exposed by the collector container.
# Any port can be disabled by setting to null.
# Any changes should be aligned with service.ports configuration below.
ports:
otlp:
containerPort: 4317
protocol: TCP
enabled_for: [metrics, traces, logs]