change logshipper implementation (#116)

* change logshipper implementation

* bump version

* gke support

---------

Co-authored-by: Roi Kramer <roik@netapp.com>

Author: TalShafir

charts/ocean-kubernetes-controller/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: ocean-kubernetes-controller
 description: A Helm chart for Ocean Kubernetes Controller
 type: application
-version: 0.1.32
-appVersion: 2.0.52
+version: 0.1.33
+appVersion: 2.0.53
 kubeVersion: ">=1.20.0-0"
 maintainers:
   - name: spotinst

charts/ocean-kubernetes-controller/README.md

@@ -1,6 +1,6 @@
 # ocean-kubernetes-controller
 
-![Version: 0.1.32](https://img.shields.io/badge/Version-0.1.32-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.52](https://img.shields.io/badge/AppVersion-2.0.52-informational?style=flat-square)
+![Version: 0.1.33](https://img.shields.io/badge/Version-0.1.33-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.53](https://img.shields.io/badge/AppVersion-2.0.53-informational?style=flat-square)
 
 A Helm chart for Ocean Kubernetes Controller.
 
@@ -101,10 +101,10 @@ Kubernetes: `>=1.20.0-0`
 | livenessProbe.httpGet.port | string | `"readiness"` |  |
 | livenessProbe.initialDelaySeconds | int | `15` |  |
 | livenessProbe.periodSeconds | int | `20` |  |
-| logShipping | object | `{"destination":{"host":"api.spotinst.io","port":443,"tls":true},"enabled":true,"image":{"pullPolicy":"IfNotPresent","repository":"public.ecr.aws/aws-observability/aws-for-fluent-bit","tag":"stable"}}` | Log Shipping configuration. |
+| logShipping | object | `{"destination":{"host":"api.spotinst.io","port":443,"tls":true},"enabled":true,"image":{"pullPolicy":"IfNotPresent","repository":"cr.fluentbit.io/fluent/fluent-bit","tag":"3.0.1"}}` | Log Shipping configuration. |
 | logShipping.destination | object | `{"host":"api.spotinst.io","port":443,"tls":true}` | Log shipping destination configuration. |
 | logShipping.enabled | bool | `true` | Specifies whether to send the controller logs to Spot for analysis. (Optional) |
-| logShipping.image | object | `{"pullPolicy":"IfNotPresent","repository":"public.ecr.aws/aws-observability/aws-for-fluent-bit","tag":"stable"}` | Specifies the log shipping container image. (Optional) |
+| logShipping.image | object | `{"pullPolicy":"IfNotPresent","repository":"cr.fluentbit.io/fluent/fluent-bit","tag":"3.0.1"}` | Specifies the log shipping container image. (Optional) |
 | metrics-server.args | list | `["--logtostderr"]` | Arguments to pass to metrics-server on start up. (Optional) |
 | metrics-server.deployChart | bool | `true` | Specifies whether the metrics-server chart should be deployed. (Optional) |
 | metrics-server.image.pullPolicy | string | `"IfNotPresent"` |  |
@@ -118,12 +118,13 @@ Kubernetes: `>=1.20.0-0`
 | podSecurityContext.runAsGroup | int | `10001` |  |
 | podSecurityContext.runAsNonRoot | bool | `true` |  |
 | podSecurityContext.runAsUser | int | `10001` |  |
-| priorityClassName | string | `"system-cluster-critical"` |  |
+| priorityClassName | string | `"system-node-critical"` | Priority class name for the controller pod. |
 | readinessProbe.httpGet.path | string | `"/readyz"` |  |
 | readinessProbe.httpGet.port | string | `"readiness"` |  |
 | readinessProbe.initialDelaySeconds | int | `5` |  |
 | readinessProbe.periodSeconds | int | `10` |  |
 | replicas | int | `2` | Configure the amount of replicas for the controller (Optional) |
+| resourceQuota | object | `{"enabled":true}` | Resource Quota configuration. Required when running in a namespace other than kube-system in GKE. Ref: https://kubernetes.io/docs/concepts/policy/resource-quotas/ |
 | resources | object | `{}` |  |
 | schedulerName | string | `""` |  |
 | secret.create | bool | `true` | Controls whether a Secret should be created. (Optional) |
@@ -140,7 +141,7 @@ Kubernetes: `>=1.20.0-0`
 | spotinst.clusterIdentifier | string | `""` | Unique identifier used by the Ocean Controller to connect (Required) between the Ocean backend and the Kubernetes cluster. Ref: https://docs.spot.io/ocean/tutorials/spot-kubernetes-controller/ |
 | spotinst.disableAutoUpdate | bool | `false` | Disable auto update. (Optional) |
 | spotinst.disableAutomaticRightSizing | bool | `false` | Disable automatic RightSizing. (Optional) |
-| spotinst.enableCsrApproval | bool | `false` | Enable CSR approval. (Optional) |
+| spotinst.enableCsrApproval | bool | `true` | Enable CSR approval. (Optional) |
 | spotinst.proxyUrl | string | `""` | Proxy URL. (Optional) |
 | spotinst.token | string | `""` | Spot Token. (Required) Ref: https://docs.spot.io/administration/api/create-api-token |
 | tolerations | string | `nil` | Tolerations for nodes that have taints on them. (Optional) Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |

charts/ocean-kubernetes-controller/templates/auto-update/role.yaml

@@ -54,6 +54,12 @@ rules:
   resources: [ "rolebindings" ]
   resourceNames: [ {{ include "ocean-kubernetes-controller.fullname" . }} ]
   verbs: [ "get", "patch" ]
+{{- if and (ne .Release.Namespace "kube-system") .Values.resourceQuota.enabled }}
+- apiGroups: [ "" ]
+  resources: [ "resourcequotas" ]
+  resourceNames: [ {{ include "ocean-kubernetes-controller.fullname" . }} ]
+  verbs: [ "get", "patch" ]
+{{- end }}
 
 # Metrics Server requires
 {{- if (index .Values "metrics-server" "deployChart") }}

charts/ocean-kubernetes-controller/templates/clusterrole.yaml

@@ -64,7 +64,7 @@ rules:
 # ---------------------------------------------------------------------------
 - apiGroups: ["certificates.k8s.io"]
   resources: ["certificatesigningrequests"]
-  verbs: ["get", "list", "delete", "create"]
+  verbs: ["get", "list", "delete", "create", "watch"]
 - apiGroups: ["certificates.k8s.io"]
   resources: ["certificatesigningrequests/approval"]
   verbs: ["patch", "update"]

charts/ocean-kubernetes-controller/templates/configmap.yaml

@@ -26,9 +26,50 @@ data:
     [INPUT]
         Name            tail
         Path            /var/log/controller.logs
-        Parser          klog
+        Parser          json
         Buffer_Max_Size 2MB
         Skip_Long_Lines On
+        Skip_Empty_Lines On
+        Refresh_Interval 10
+
+    # rename msg -> message , level -> l
+    [FILTER]
+        Name       modify
+        Match      *
+        Rename     msg message
+        Rename     level l
+
+    # info -> INFO
+    [FILTER]
+        Name       modify
+        Match      *
+
+        Condition Key_Value_Equals l info
+        SET l INFO
+
+    # debug -> DEBUG
+    [FILTER]
+        Name       modify
+        Match      *
+
+        Condition Key_Value_Equals l debug
+        SET l DEBUG
+
+    # trace -> TRACE
+    [FILTER]
+        Name       modify
+        Match      *
+
+        Condition Key_Value_Equals l trace
+        SET l TRACE
+
+    # error -> ERROR
+    [FILTER]
+        Name       modify
+        Match      *
+
+        Condition Key_Value_Equals l error
+        SET l ERROR
 
     # nest all fields under log key
     [FILTER]
@@ -38,13 +79,6 @@ data:
         Wildcard   *
         Nest_Under log
 
-    # covert log level (E -> ERROR, I -> INFO)
-    [FILTER]
-        Name Lua
-        Match *
-        call covert_log_lvl
-        code function covert_log_lvl(tag, timestamp, record) new_record = record local newLvl = "INFO" if record["log"]["l"] == "E" then newLvl = "ERROR" end new_record["log"]["l"] = newLvl return 1, timestamp, new_record end
-
     # stringify log field
     [FILTER]
         Name Lua
@@ -64,11 +98,7 @@ data:
         Retry_Limit no_retries
   parsers.conf: |
     [PARSER]
-        Name        klog
-        Format      regex
-        Time_Key    time
-        Time_Keep   true
-        Time_Format %H:%M:%S.%L
-        Regex       (?<l>\S)(?<month>\d{2})(?<day>\d{2})\s(?<time>\d{2}:\d{2}:\d{2}\.\d{6})\s*(?<thread>\d*)\s(?<file>[^\]]*)\]\s(?<message>.*)
+        Name        json
+        Format      json
   {{- end }}
 {{- end }}

charts/ocean-kubernetes-controller/templates/deployment.yaml

@@ -21,6 +21,7 @@ spec:
         # This will restart the deployment in case of configmap/secret changes
         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
         checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+        kubectl.kubernetes.io/default-container: {{ .Chart.Name }}
 
         {{- with .Values.podAnnotations }}
           {{- toYaml . | nindent 8 }}
@@ -54,12 +55,9 @@ spec:
             - {{ . }}
           {{- end }}
           {{- if eq (include "ocean-kubernetes-controller.logShipping.enabled" .) "true" }}
+          - --log_to_file
           - --log_file=/var/log/controller.logs
-          - --logtostderr=false
-          - --skip_log_headers=true
           - --log_file_max_size=1
-          - --stderrthreshold=INFO
-          - -v=2
           {{- end }}
           env:
           - name: SPOTINST_TOKEN

charts/ocean-kubernetes-controller/values.yaml

@@ -22,7 +22,7 @@ spotinst:
   # -- Disable auto update. (Optional)
   disableAutoUpdate: false
   # -- Enable CSR approval. (Optional)
-  enableCsrApproval: false
+  enableCsrApproval: true
   # -- Disable automatic RightSizing. (Optional)
   disableAutomaticRightSizing: false
 
@@ -83,7 +83,13 @@ podSecurityContext:
   runAsGroup: 10001
   fsGroup: 10001
 
-priorityClassName: system-cluster-critical
+# -- Priority class name for the controller pod.
+priorityClassName: system-node-critical
+
+# -- Resource Quota configuration. Required when running in a namespace other than kube-system in GKE.
+# Ref: https://kubernetes.io/docs/concepts/policy/resource-quotas/
+resourceQuota:
+  enabled: true
 
 # Container Security Context
 securityContext:
@@ -196,8 +202,8 @@ logShipping:
 
   # -- Specifies the log shipping container image. (Optional)
   image:
-    repository: public.ecr.aws/aws-observability/aws-for-fluent-bit
-    tag: "stable"
+    repository: cr.fluentbit.io/fluent/fluent-bit
+    tag: "3.0.1"
     pullPolicy: IfNotPresent
 
   # -- Log shipping destination configuration.