constellation/hack/logcollector/internal/templates/metricbeat/values-control-plane.yml

# Helm Values for the DaemonSet that is deployed on all control plane nodes in the cluster and
# collects Kubernetes and etcd metrics.
image: ghcr.io/edgelesssys/beats/metricbeat-oss
imageTag: 8.11.0@sha256:c2488378e794467f2a7214a56da0de017db1f2c28198721f12d74ad9cc263d08

kube_state_metrics:
  enabled: false

deployment:
    enabled: false

daemonset:
    enabled: true
    metricbeatConfig:
      metricbeat.yml: ""
    hostNetworking: true
    extraEnvs: []
    secretMounts: []
    nodeSelector:
      node-role.kubernetes.io/control-plane: ""
    tolerations:
      - key: node-role.kubernetes.io/control-plane
        operator: Exists
        effect: NoSchedule
    securityContext:
      privileged: true
      runAsUser: 0
    extraVolumeMounts:
      - name: runsystemd
        mountPath: /run/systemd
        readOnly: true
      - name: varrundbus
        mountPath: /var/run/dbus
        readOnly: true
      - name: etcdcerts
        mountPath: /etc/kubernetes/pki/etcd
        readOnly: true
    extraVolumes:
      - name: runsystemd
        hostPath:
          path: /run/systemd
          type: ""
      - name: varrundbus
        hostPath:
          path: /var/run/dbus
          type: ""
      - name: etcdcerts
        hostPath:
          path: /etc/kubernetes/pki/etcd
          type: ""
    resources:
      requests:
        cpu: "100m"
        memory: "100Mi"
      limits: null
      
clusterRoleRules:
  - apiGroups: [""]
    resources:
      - nodes
      - namespaces
      - events
      - pods
      - services
    verbs: ["get", "list", "watch"]
  - apiGroups: ["extensions"]
    resources:
      - replicasets
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources:
      - statefulsets
      - deployments
      - replicasets
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources:
      - nodes/stats
    verbs: ["get"]
  - apiGroups: ["batch"]
    resources:
      - jobs
    verbs: ["get", "list", "watch"]
  - apiGroups:
      - ""
    resources:
      - nodes/stats
    verbs:
      - get
  - nonResourceURLs:
      - "/metrics"
    verbs:
      - get
ci: collect cluster metrics to OpenSearch (#2347) * add Metricbeat deployment to debugd Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * set metricbeat debugd image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix k8s deployment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use 2 separate deployments Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only deploy via k8s in non-debug-images Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing tilde * remove k8s metrics Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * unify flag Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add cloud metadata processor to filebeat Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * ci: fix debugd logcollection (#2355) * add missing keyvault access role Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * bump logstash image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * bump filebeat / metricbeat image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * log used image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use debugging image versions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * increase wait timeout for image upload * add cloud metadata processor to filebeat Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix template locations in container Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix image version typo Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add filebeat / metricbeat users Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove user additions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update workflow step name Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only mount config files Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * document potential rc Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix IAM permissions in workflow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix AWS permissions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing workflow input Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * rename action Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * pin image versions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove unnecessary workflow inputs Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add refStream input Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove inputs.yml dep Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * increase system metric period Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linkchecker Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> 2023-09-27 10:17:31 -04:00			`# Helm Values for the DaemonSet that is deployed on all control plane nodes in the cluster and`
			`# collects Kubernetes and etcd metrics.`
			`image: ghcr.io/edgelesssys/beats/metricbeat-oss`
			`imageTag: 8.11.0@sha256:c2488378e794467f2a7214a56da0de017db1f2c28198721f12d74ad9cc263d08`

			`kube_state_metrics:`
			`enabled: false`

			`deployment:`
			`enabled: false`

			`daemonset:`
			`enabled: true`
			`metricbeatConfig:`
			`metricbeat.yml: ""`
			`hostNetworking: true`
			`extraEnvs: []`
			`secretMounts: []`
			`nodeSelector:`
			`node-role.kubernetes.io/control-plane: ""`
			`tolerations:`
			`- key: node-role.kubernetes.io/control-plane`
			`operator: Exists`
			`effect: NoSchedule`
			`securityContext:`
			`privileged: true`
			`runAsUser: 0`
			`extraVolumeMounts:`
			`- name: runsystemd`
			`mountPath: /run/systemd`
			`readOnly: true`
			`- name: varrundbus`
			`mountPath: /var/run/dbus`
			`readOnly: true`
			`- name: etcdcerts`
			`mountPath: /etc/kubernetes/pki/etcd`
			`readOnly: true`
			`extraVolumes:`
			`- name: runsystemd`
			`hostPath:`
			`path: /run/systemd`
			`type: ""`
			`- name: varrundbus`
			`hostPath:`
			`path: /var/run/dbus`
			`type: ""`
			`- name: etcdcerts`
			`hostPath:`
			`path: /etc/kubernetes/pki/etcd`
			`type: ""`
metricbeat: don't limit memory (#2534) 2023-10-30 03:02:20 -04:00			`resources:`
			`requests:`
			`cpu: "100m"`
			`memory: "100Mi"`
			`limits: null`

ci: collect cluster metrics to OpenSearch (#2347) * add Metricbeat deployment to debugd Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * set metricbeat debugd image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix k8s deployment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use 2 separate deployments Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only deploy via k8s in non-debug-images Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing tilde * remove k8s metrics Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * unify flag Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add cloud metadata processor to filebeat Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * ci: fix debugd logcollection (#2355) * add missing keyvault access role Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * bump logstash image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * bump filebeat / metricbeat image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * log used image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use debugging image versions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * increase wait timeout for image upload * add cloud metadata processor to filebeat Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix template locations in container Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix image version typo Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add filebeat / metricbeat users Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove user additions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update workflow step name Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only mount config files Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * document potential rc Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix IAM permissions in workflow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix AWS permissions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing workflow input Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * rename action Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * pin image versions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove unnecessary workflow inputs Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add refStream input Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove inputs.yml dep Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * increase system metric period Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linkchecker Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> 2023-09-27 10:17:31 -04:00			`clusterRoleRules:`
			`- apiGroups: [""]`
			`resources:`
			`- nodes`
			`- namespaces`
			`- events`
			`- pods`
			`- services`
			`verbs: ["get", "list", "watch"]`
			`- apiGroups: ["extensions"]`
			`resources:`
			`- replicasets`
			`verbs: ["get", "list", "watch"]`
			`- apiGroups: ["apps"]`
			`resources:`
			`- statefulsets`
			`- deployments`
			`- replicasets`
			`verbs: ["get", "list", "watch"]`
			`- apiGroups: [""]`
			`resources:`
			`- nodes/stats`
			`verbs: ["get"]`
			`- apiGroups: ["batch"]`
			`resources:`
			`- jobs`
			`verbs: ["get", "list", "watch"]`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- nodes/stats`
			`verbs:`
			`- get`
			`- nonResourceURLs:`
			`- "/metrics"`
			`verbs:`
			`- get`