The fepLogging section needs to be added under spec to define required parameters for FEPLogging configuration.
Following is a sample template :
spec:
fepLogging:
elastic:
authSecret:
secretName: elastic-auth
passwordKey: password
userKey: username
host: elastic-passthrough.apps.openshift.com
logstashPrefix: postgres
port: 443
scheme: https
sslVerify: true
tls:
certificateName: elastic-cert
caName: elastic-cacert
image:
pullPolicy: IfNotPresent
mcSpec:
limits:
cpu: 500m
memory: 700Mi
requests:
cpu: 200m
memory: 512Mi
restartRequired: false
sysExtraLogging: false
scrapeInterval: 30s
scrapeTimeout: 30s
tls:
certificateName: fluentd-cert
caName: cacert
prometheus:
…Below is the list of all parameters defined in the fepLogging section, along with their brief description
Custom Resource spec | Required/Optional | Change Effect | Updating value allowed |
|---|---|---|---|
spec.fepLogging.image.image | Optional | Fluentd Image of FEPLogging | Yes |
spec.fepLogging.image.pullPolicy | Required | Fluentd Image pull policy of FEPLogging | Yes |
spec.fepLogging.mcSpec.limits.cpu | Required | Max CPU allocated to fluentd container | Yes |
spec.fepLogging.mcSpec.limits.memory | Required | Max memory allocated to fluentd container | Yes |
spec.fepLogging.mcSpec.requests.cpu | Required | CPU allocation at start for fluentd container | Yes |
spec.fepLogging.mcSpec.requests.memory | Required | Memory allocation at start for fluentd container | Yes |
spec.fepLogging.sysExtraLogging | Required | To turn on extra debugging messages for operator, set value to true. It can be turned on/off at any time | Yes |
spec.fepLogging.sysExtraEvent | Optional | To turn on event notification for changes to custom resources, set the value to true. | Yes |
spec.fepLogging.restartRequired | Required | To restart FEPLogging instance for applying any new configuration for example after certificate rotation | Yes |
spec.fepLogging.scrapeInterval | Optional | Scrape interval for Prometheus to fetch metrics from FEPLogging instance | Yes |
spec.fepLogging.scrapeTimeout | Optional | Scrape Timeout for Prometheus to fetch metrics from FEPLogging instance | Yes |
spec.fepLogging.elastic.host | Optional | Target Elasticsearch host name | Yes |
spec.fepLogging.elastic.port | Optional | Target Elasticsearch port number | Yes |
spec.fepLogging.elastic.authSecret.secretName | Optional | Secret name which contains Elasticsearch authentication username & password | Yes |
spec.fepLogging.elastic.authSecret.userKey | Optional | Username key specified in Elasticsearch authentication secret | Yes |
spec.fepLogging.elastic.authSecret.passwordKey | Optional | Password key specified in Elasticsearch authentication secret | Yes |
spec.fepLogging.elastic.logstashPrefix | Optional | Logstash prefix to differentiate index pattern in elastic search. Default value is postgres | Yes |
spec.fepLogging.elastic.auditLogstashPrefix | Optional | Logstash prefix to differentiate index pattern in elastic search for auditlog. Default value is postgres | Yes |
spec.fepLogging.elastic.scheme | Optional | Connection scheme between FEPLogging & Elasticsearch. Possible options http & https | Yes |
spec.fepLogging.elastic.sslVerify | Optional | Set to true if you want to verify ssl certificate. If set to false then will not consider TLS crtificate | Yes |
spec.fepLogging.elastic.tls.certificateName | Optional | Kubernetes secret name which holds fluentd certificate | Yes |
spec.fepLogging.elastic.tls.caName | Optional | Kubernetes configmap which holds cacert of Elasticsearch to verify Elasticsearch TLS connection | Yes |
spec.fepLogging.tls.certificateName | Optional | Kubernetes secret name which holds Fluentd certificate | Yes |
spec.fepLogging.tls.caName | Optional | Kubernetes configmap which holds cacert of Fluentd to configure MTLS between FEPLogging & Prometheus | Yes |
spec.prometheus.tls.certificateName | Optional | Kubernetes secret name which holds Prometheus certificate | Yes |
spec.prometheus.tls.caName | Optional | Kubernetes configmap which holds cacert of Fluentd to configure MTLS between FEPLogging & Prometheus | Yes |