diff --git a/helm/configurations/values-dev.yaml b/helm/configurations/values-dev.yaml
index 7b010fc2..ecf9d7a0 100644
--- a/helm/configurations/values-dev.yaml
+++ b/helm/configurations/values-dev.yaml
@@ -64,3 +64,12 @@ opensearch:
 key: OPENSEARCH_INITIAL_ADMIN_PASSWORD
 secretMounts: []
 customSecurityConfig:
+
+# FluentBit configuration for dev environment
+fluent-bit:
+ enabled: false
+ outputConfig:
+ tls: "Off"
+ tlsCaFile: ""
+ extraVolumes: []
+ extraVolumeMounts: []
diff --git a/helm/reana/Chart.yaml b/helm/reana/Chart.yaml
index b03c7291..6253e1e0 100644
--- a/helm/reana/Chart.yaml
+++ b/helm/reana/Chart.yaml
@@ -39,3 +39,7 @@ dependencies:
 version: 2.22.1
 repository: https://opensearch-project.github.io/helm-charts/
 condition: opensearch.enabled
+ - name: fluent-bit
+ version: 0.47.7
+ repository: https://fluent.github.io/helm-charts
+ condition: fluent-bit.enabled
diff --git a/helm/reana/README.md b/helm/reana/README.md
index 8639eb53..d07e33f0 100644
--- a/helm/reana/README.md
+++ b/helm/reana/README.md
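Review bot: In helm/configurations/values-dev.yaml, `tls: "Off"` turns off transport encryption to OpenSearch while the `[OUTPUT]` template in helm/reana/values.yaml still emits `HTTP_User`/`HTTP_Passwd` whenever `outputConfig.httpPasswd` is set, so a dev deployment that sets a password would send it, and the job logs, in cleartext. The block should say so where the override lives, for example `# dev only: no TLS to OpenSearch; leave outputConfig.httpPasswd unset`. `tlsVerify` and `tlsVerifyHostname` are not overridden here and keep their "On" defaults, which has no effect once `tls` is off.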
@@ -73,6 +73,29 @@ This Helm automatically prefixes all names using the release name to avoid colli
 | `db_env_config.REANA_DB_PORT` | Environment variable to connect to external databases | "5432" |
 | `debug.enabled` | Instantiate a [wdb](https://github.com/Kozea/wdb) remote debugger inside the cluster, accessible in port `31984` | false |
 | `eos.enabled` | **[CERN only]** Enable EOS support inside the cluster | false |
+| `fluent-bit.enabled` | Enable FluentBit | false |
+| `fluent-bit.inputConfig.*` | Pass certain `tail` input [configuration parameters](https://docs.fluentbit.io/manual/pipeline/inputs/tail#config)| |
+| `fluent-bit.inputConfig.refreshInterval` | `tail` input configuration parameter `Refresh_Interval` | 2 |
+| `fluent-bit.inputConfig.rotateWait` | `tail` input configuration parameter `Rotate_Wait` | 5 |
+| `fluent-bit.inputConfig.skipLongLines` | `tail` input configuration parameter `Skip_Long_Lines` | On |
+| `fluent-bit.inputConfig.skipEmptyLines` | `tail` input configuration parameter `Skip_Empty_Lines` | On |
+| `fluent-bit.filterConfig.*` | Pass certain `kubernetes` filter [configuration parameters](https://docs.fluentbit.io/manual/pipeline/filters/kubernetes#configuration-parameters)| |
+| `fluent-bit.filterConfig.bufferSize` | `kubernetes` filter configuration parameter `Buffer_Size` | 512k |
+| `fluent-bit.filterConfig.kubeUrl` | `kubernetes` filter configuration parameter `Kube_URL` | https://kubernetes.default.svc:443 |
+| `fluent-bit.filterConfig.kubeCaFile` | `kubernetes` filter configuration parameter `Kube_CA_File` | /var/run/secrets/kubernetes.io/serviceaccount/ca.crt |
+| `fluent-bit.filterConfig.kubeTokenFile` | `kubernetes` filter configuration parameter `Kube_Token_File` | /var/run/secrets/kubernetes.io/serviceaccount/token |
+| `fluent-bit.outputConfig.*` | Pass certain `opensearch` output [configuration parameters](https://docs.fluentbit.io/manual/pipeline/outputs/opensearch#configuration-parameters)| |
+| `fluent-bit.outputConfig.host` | `opensearch` output configuration parameter `Host` | reana-opensearch-master |
+| `fluent-bit.outputConfig.httpUser` | `opensearch` output configuration parameter `HTTP_User` | fluentbit |
+| `fluent-bit.outputConfig.httpPasswd` | `opensearch` output configuration parameter `HTTP_Passwd` | None |
+| `fluent-bit.outputConfig.tls` | `opensearch` output configuration parameter `tls` | "On" |
+| `fluent-bit.outputConfig.tlsVerify` | `opensearch` output configuration parameter `tls.verify` | "On" |
+| `fluent-bit.outputConfig.tlsVerifyHostname` | `opensearch` output configuration parameter `tls.verify_hostname` | "Off" |
+| `fluent-bit.outputConfig.tlsCaFile` | `opensearch` output configuration parameter `tls.ca_file` | /fluent-bit/etc/certs/ca.crt |
+| `fluent-bit.outputConfig.tlsCrtFile` | `opensearch` output configuration parameter `tls.crt_file` | "" |
+| `fluent-bit.outputConfig.tlsKeyFile` | `opensearch` output configuration parameter `tls.key_file` | "" |
+| `fluent-bit.outputConfig.tlsKeyPassword` | `opensearch` output configuration parameter `tls.key_passwd` | "" |
+| `fluent-bit.priority` | Priority class value for FluentBit pods | 1000000 |
 | `fullnameOverride` | Name to override the `reana.prefix` | None |
 | `infrastructure_storage` | Optional volume used by REANA's infrastructure (i.e. database and message broker). It has the same settings as `shared_storage` | {} |
 | `ingress.annotations.traefik.ingress.kubernetes.io/router.entrypoints` | Entrypoints allowed by the ingress controller | "web,websecure" |
diff --git a/helm/reana/templates/priority-classes.yaml b/helm/reana/templates/priority-classes.yaml
new file mode 100644
index 00000000..59d0dbe3
--- /dev/null
+++ b/helm/reana/templates/priority-classes.yaml
@@ -0,0 +1,11 @@
+{{- if index .Values "fluent-bit" "enabled" }}
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: {{ include "reana.prefix" . }}-fluent-bit-priority-class
+value: {{ index .Values "fluent-bit" "priority" | default 1000000 }}
+preemptionPolicy: Never
+globalDefault: false
+description: "PriorityClass for FluentBit DaemonSet pods. This priority class will not cause other pods to be preempted."
+{{- end }}
diff --git a/helm/reana/values.yaml b/helm/reana/values.yaml
index 23dcaff4..0b3471b1 100644
--- a/helm/reana/values.yaml
+++ b/helm/reana/values.yaml
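Review bot: In helm/reana/templates/priority-classes.yaml the class name is built from `{{ include "reana.prefix" . }}`, but `priorityClassName` in helm/reana/values.yaml is the fixed string "reana-fluent-bit-priority-class", so the two only agree when the prefix happens to be `reana`. With any other prefix (the README says it follows the release name) the DaemonSet would reference a PriorityClass that does not exist, and its pods would presumably be rejected at admission, leaving log collection silently absent. Until the name can be derived in one place, a comment next to the value would help, such as `# must equal "<reana.prefix>-fluent-bit-priority-class" rendered by templates/priority-classes.yaml`. PriorityClass is also cluster-scoped, so two releases with the same name in different namespaces would contend for this object.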
@@ -358,3 +358,192 @@ opensearch:
 backend_roles:
 - readall
 and_backend_roles: []
+
+# FluentBit chart values.yaml
+fluent-bit:
+ enabled: false
+ inputConfig:
+ refreshInterval: 2
+ rotateWait: 5
+ skipLongLines: "On"
+ skipEmptyLines: "On"
+ filterConfig:
+ bufferSize: 512k
+ kubeUrl: https://kubernetes.default.svc:443
+ kubeCaFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ kubeTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ outputConfig:
+ host: reana-opensearch-master.default.svc.cluster.local
+ httpUser: fluentbit
+ httpPasswd:
+ tls: "On"
+ tlsVerify: "On"
+ tlsVerifyHostname: "On"
+ tlsCaFile: /fluent-bit/etc/certs/ca.crt
+ tlsCrtFile: ""
+ tlsKeyFile: ""
+ tlsKeyPassword: ""
+ ## https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/configuration-file
+ config:
+ service: |
+ [SERVICE]
+ Daemon Off
+ Flush {{ .Values.flush }}
+ Log_Level {{ .Values.logLevel }}
+ Parsers_File /fluent-bit/etc/parsers.conf
+ Parsers_File /fluent-bit/etc/conf/custom_parsers.conf
+ HTTP_Server On
+ HTTP_Listen 0.0.0.0
+ HTTP_Port {{ .Values.metricsPort }}
+ Health_Check On
+
+ # ## https://docs.fluentbit.io/manual/pipeline/inputs
+ inputs: |
+ [INPUT]
+ Name tail
+ Path /var/log/containers/reana-run-job-*
+ multiline.parser docker, cri
+ Tag kube.*
+ Skip_Long_Lines {{ .Values.inputConfig.skipLongLines }}
+ Skip_Empty_Lines {{ .Values.inputConfig.skipEmptyLines }}
+ Refresh_Interval {{ .Values.inputConfig.refreshInterval }}
+ Rotate_Wait {{ .Values.inputConfig.rotateWait }}
+
+ [INPUT]
+ Name tail
+ Path /var/log/containers/reana-run-batch-*
+ multiline.parser docker, cri
+ Tag kube.*
+ Skip_Long_Lines {{ .Values.inputConfig.skipLongLines }}
+ Skip_Empty_Lines {{ .Values.inputConfig.skipEmptyLines }}
+ Refresh_Interval {{ .Values.inputConfig.refreshInterval }}
+ Rotate_Wait {{ .Values.inputConfig.rotateWait }}
+
+ ## https://docs.fluentbit.io/manual/pipeline/filters
+ filters: |
+ [FILTER]
+ Name kubernetes
+ Buffer_Size {{ .Values.filterConfig.bufferSize }}
+ Match kube.*
+ Annotations Off
+ Kube_Tag_Prefix kube.var.log.containers.
+ Kube_URL {{ .Values.filterConfig.kubeUrl }}
+ Kube_CA_File {{ .Values.filterConfig.kubeCaFile }}
+ Kube_Token_File {{ .Values.filterConfig.kubeTokenFile }}
+
+ [FILTER]
+ Name parser
+ Match kube.var.log.containers.reana-run-batch-*job-controller*
+ Key_name log
+ Parser reana-capture
+ Reserve_Data On
+ Preserve_Key On
+
+ [FILTER]
+ Name grep
+ Match kube.var.log.containers.reana-run-batch-*job-controller*
+ Logical_Op or
+ Regex level ERROR
+ Regex level WARNING
+
+ [FILTER]
+ Name nest
+ Match kube.*
+ Operation lift
+ Nested_under kubernetes
+ Add_prefix kubernetes.
+
+ [FILTER]
+ Name nest
+ Match kube.*
+ Operation lift
+ Nested_under kubernetes.labels
+ Add_prefix kubernetes.labels.
+
+ [FILTER]
+ Name record_modifier
+ Match kube.*
+ Remove_key time
+ Remove_key stream
+ Remove_key kubernetes.pod_name
+ Remove_key kubernetes.namespace_name
+ Remove_key kubernetes.pod_id
+ Remove_key kubernetes.labels.batch.kubernetes.io/controller-uid
+ Remove_key kubernetes.labels.batch.kubernetes.io/job-name
+ Remove_key kubernetes.labels.controller-uid
+ Remove_key kubernetes.labels.reana-run-job-workflow-uuid
+ Remove_key kubernetes.labels.reana_workflow_mode
+ Remove_key kubernetes.annotations.*
+ Remove_key kubernetes.host
+ Remove_key kubernetes.container_name
+ Remove_key kubernetes.docker_id
+ Remove_key kubernetes.container_hash
+ Remove_key kubernetes.container_image
+ Remove_key _p
+
+ [FILTER]
+ Name record_modifier
+ Match kube.var.log.containers.reana-run-job-*
+ Remove_key kubernetes.labels.reana-run-batch-workflow-uuid
+
+ [FILTER]
+ Name record_modifier
+ Match kube.var.log.containers.reana-run-batch-*
+ Remove_key kubernetes.labels.job-name
+
+ ## https://docs.fluentbit.io/manual/pipeline/outputs
+ outputs: |
+ [OUTPUT]
+ Name opensearch
+ Match kube.var.log.containers.reana-run-job-*
+ Host {{ .Values.outputConfig.host }}
+ {{- if .Values.outputConfig.httpPasswd }}
+ HTTP_User {{ .Values.outputConfig.httpUser }}
+ HTTP_Passwd {{ .Values.outputConfig.httpPasswd }}
+ {{- end }}
+ Index fluentbit-job_log
+ Suppress_Type_Name On
+ tls {{ .Values.outputConfig.tls }}
+ tls.verify {{ .Values.outputConfig.tlsVerify }}
+ tls.verify_hostname {{ .Values.outputConfig.tlsVerifyHostname }}
+ {{ if .Values.outputConfig.tlsCaFile }}tls.ca_file {{ .Values.outputConfig.tlsCaFile }}{{- end }}
+ {{ if .Values.outputConfig.tlsCrtFile }}tls.crt_file {{ .Values.outputConfig.tlsCrtFile }}{{- end }}
+ {{ if .Values.outputConfig.tlsKeyFile }}tls.key_file {{ .Values.outputConfig.tlsKeyFile }}{{- end }}
+ {{ if .Values.outputConfig.tlsKeyPassword }}tls.key_password {{ .Values.outputConfig.tlsKeyPassword }}{{- end }}
+
+ [OUTPUT]
+ Name opensearch
+ Match kube.var.log.containers.reana-run-batch-*
+ Host {{ .Values.outputConfig.host }}
+ {{- if .Values.outputConfig.httpPasswd }}
+ HTTP_User {{ .Values.outputConfig.httpUser }}
+ HTTP_Passwd {{ .Values.outputConfig.httpPasswd }}
+ {{- end }}
+ Index fluentbit-workflow_log
+ Suppress_Type_Name On
+ tls {{ .Values.outputConfig.tls }}
+ tls.verify {{ .Values.outputConfig.tlsVerify }}
+ tls.verify_hostname {{ .Values.outputConfig.tlsVerifyHostname }}
+ {{ if .Values.outputConfig.tlsCaFile }}tls.ca_file {{ .Values.outputConfig.tlsCaFile }}{{- end }}
+ {{ if .Values.outputConfig.tlsCrtFile }}tls.crt_file {{ .Values.outputConfig.tlsCrtFile }}{{- end }}
+ {{ if .Values.outputConfig.tlsKeyFile }}tls.key_file {{ .Values.outputConfig.tlsKeyFile }}{{- end }}
+ {{ if .Values.outputConfig.tlsKeyPassword }}tls.key_password {{ .Values.outputConfig.tlsKeyPassword }}{{- end }}
+
+ ## https://docs.fluentbit.io/manual/pipeline/parsers
+ customParsers: |
+ [PARSER]
+ Name reana-capture
+ Format regex
+ Regex /^(?[1-9:\-,\w ]+) \| (?[a-zA-Z1-9]+) \| (?[a-zA-Z1-9_\- \w\(\)]+) \| (?[a-zA-Z]+) \| (?.*)/m
+ extraVolumes:
+ - name: reana-opensearch-ca
+ secret:
+ secretName: reana-opensearch-tls-secrets
+ items:
+ - key: ca.crt
+ path: ca.crt
+ extraVolumeMounts:
+ - name: reana-opensearch-ca
+ mountPath: /fluent-bit/etc/certs
+ readOnly: true
+ priorityClassName: "reana-fluent-bit-priority-class"
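Review bot: `HTTP_Passwd {{ .Values.outputConfig.httpPasswd }}` and the `tlsKeyPassword` line in both `[OUTPUT]` blocks put the OpenSearch password and the key passphrase into Helm values and then into the rendered Fluent Bit configuration, which the subchart presumably stores in a ConfigMap, so anyone who can read ConfigMaps or the release values can read them. Fluent Bit expands `${VAR}` in its configuration, so the secret can stay in a Kubernetes Secret and reach the pod through the subchart's `env` list, as sketched below with placeholder names. Separately, the README in this commit documents the passphrase option as `tls.key_passwd`, which is the name Fluent Bit uses; `tls.key_password` as written in both blocks is likely not recognised, so an encrypted client key would fail to load. The README also lists `tlsVerifyHostname` as "Off" and `host` as `reana-opensearch-master`, while this hunk sets "On" and the `.default.svc.cluster.local` name; the two should agree, because hostname verification depends on `host` matching the certificate.

```yaml
fluent-bit:
  # … unchanged: enabled, inputConfig, filterConfig, outputConfig …
  env:
    - name: FLUENT_OPENSEARCH_PASSWD
      valueFrom:
        secretKeyRef:
          name: <opensearch-fluentbit-secret>  # placeholder
          key: <password-key>  # placeholder
  config:
    # … unchanged: service, inputs, filters …
    outputs: |
      [OUTPUT]
          # … unchanged: Name, Match, Host …
          {{- if .Values.outputConfig.httpUser }}
          HTTP_User {{ .Values.outputConfig.httpUser }}
          HTTP_Passwd ${FLUENT_OPENSEARCH_PASSWD}
          {{- end }}
          # … unchanged: Index, Suppress_Type_Name, tls settings …
```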