diff --git a/chart/logdna-agent/Chart.yaml b/chart/logdna-agent/Chart.yaml
deleted file mode 100644
index 48439376..00000000
--- a/chart/logdna-agent/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v2
-name: logdna-agent
-description: A Helm chart for a logdna agent
-
-type: application
-
-version: 0.1.0
diff --git a/chart/logdna-agent/templates/clusterrole.yaml b/chart/logdna-agent/templates/clusterrole.yaml
deleted file mode 100644
index b170355e..00000000
--- a/chart/logdna-agent/templates/clusterrole.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: "{{ .Values.metadata.name }}"
- labels:
- app.kubernetes.io/name: {{ .Values.metadata.name }}
- app.kubernetes.io/instance: {{ .Values.metadata.name }}
- # Extracts the first part before '@' from .Values.image.version, ensuring it's treated as a string.
- app.kubernetes.io/version: {{ .Values.image.version | default "" | toString | splitList "@" | first }}
-rules:
- - apiGroups: [""]
- resources: ["events"]
- verbs: ["get","list", "create", "watch"]
- - apiGroups: [""]
- resources: ["pods"]
- verbs: ["get","list", "watch"]
-
- # Below rules are not included in the Openshift yaml so are commented out below:
- # https://assets..logging.cloud.ibm.com/clients/logdna-agent//agent-resources-openshift-private.yaml
-
- # - apiGroups: [""]
- # resources: ["nodes"]
- # verbs: ["get","list", "watch"]
- # - apiGroups: ["metrics.k8s.io"]
- # resources: ["pods"]
- # verbs: ["get","list", "watch"]
- # - apiGroups: ["metrics.k8s.io"]
- # resources: ["nodes"]
- # verbs: ["get","list", "watch"]
diff --git a/chart/logdna-agent/templates/clusterrolebinding.yaml b/chart/logdna-agent/templates/clusterrolebinding.yaml
deleted file mode 100644
index 18a548de..00000000
--- a/chart/logdna-agent/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ .Values.metadata.name }}"
- labels:
- app.kubernetes.io/name: "{{ .Values.metadata.name }}"
- app.kubernetes.io/instance: "{{ .Values.metadata.name }}"
- # Extracts the first part before '@' from .Values.image.version, ensuring it's treated as a string.
- app.kubernetes.io/version: {{ .Values.image.version | default "" | toString | splitList "@" | first }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ .Values.metadata.name }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ .Values.metadata.name }}"
- namespace: {{ .Release.Namespace }}
diff --git a/chart/logdna-agent/templates/daemonset.yaml b/chart/logdna-agent/templates/daemonset.yaml
deleted file mode 100644
index ab6f6e22..00000000
--- a/chart/logdna-agent/templates/daemonset.yaml
+++ /dev/null
@@ -1,147 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: "{{ .Values.metadata.name }}"
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: "{{ .Values.metadata.name }}"
- app.kubernetes.io/instance: "{{ .Values.metadata.name }}"
- # Extracts the first part before '@' from .Values.image.version, ensuring it's treated as a string.
- app.kubernetes.io/version: {{ .Values.image.version | default "" | toString | splitList "@" | first }}
-spec:
- updateStrategy:
- type: RollingUpdate
- rollingUpdate:
- maxUnavailable: 100%
- selector:
- matchLabels:
- app: "{{ .Values.metadata.name }}"
- template:
- metadata:
- labels:
- app: "{{ .Values.metadata.name }}"
- app.kubernetes.io/name: "{{ .Values.metadata.name }}"
- app.kubernetes.io/instance: "{{ .Values.metadata.name }}"
- app.kubernetes.io/version: {{ .Values.image.version | default "" | toString | splitList "@" | first }}
- spec:
- serviceAccountName: "{{ .Values.metadata.name }}"
- priorityClassName: "{{ .Values.metadata.name }}-ds-priority"
- initContainers:
- - name: logdna-db-permissions
- image: icr.io/goldeneye_images/ubi9-cluster-tools:stable
- imagePullPolicy: IfNotPresent # Not setting to 'Always' as it can prevent a pod from starting if the image registry can not be reached.
- command: ["sh", "-c", "chmod -R 775 {{.Values.agent.dbPath}} && chown -R 5000:5000 {{.Values.agent.dbPath}}"]
- securityContext:
- privileged: true
- runAsUser: 0 # must run as root to set directory privileges up for agent container
- volumeMounts:
- - name: varliblogdna
- mountPath: {{.Values.agent.dbPath}}
- containers:
- - name: "{{ .Values.metadata.name }}"
- image: '{{ .Values.image.registry }}:{{ required "Agent version must be provided" .Values.image.version }}'
- imagePullPolicy: IfNotPresent # Not setting to 'Always' as it can prevent a pod from starting if the image registry can not be reached.
- securityContext:
- privileged: true
- # run the agent as non-root
- runAsUser: 5000
- runAsGroup: 5000
- capabilities:
- add:
- - DAC_READ_SEARCH
- drop:
- - all
- env:
- - name: LOGDNA_INGESTION_KEY
- valueFrom:
- secretKeyRef:
- key: logdna-agent-key
- name: {{ .Values.secret.name }}
- - name: LOGDNA_HOST
- value: {{ .Values.env.host }}
- - name: LOGDNA_LOOKBACK
- value: smallfiles
- {{- if .Values.agent.tags }}
- - name: LOGDNA_TAGS
- value: {{.Values.agent.tags}}
- {{- end }}
- - name: LOGDNA_DB_PATH
- value: {{.Values.agent.dbPath}}
- - name: LOGDNA_REDACT_REGEX
- # regex to redact secret values from logs. The regex is set to match base64-encoded values for each of {"kid":, {"typ":, and {"alg":, respectively.
- value: 'eyJ(?:raWQ|0eXA|hbGc)iOi[^"]+'
- - name: POD_APP_LABEL
- valueFrom:
- fieldRef:
- fieldPath: metadata.labels['app.kubernetes.io/name']
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: NODE_NAME
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: spec.nodeName
- - name: NAMESPACE
- value: {{ .Release.Namespace }}
- {{- if .Values.agentMetadataLineInclusion }}
- - name: LOGDNA_K8S_METADATA_LINE_INCLUSION
- value: {{ .Values.agentMetadataLineInclusion | quote }}
- {{- end }}
- {{- if .Values.agentMetadataLineExclusion }}
- - name: LOGDNA_K8S_METADATA_LINE_EXCLUSION
- value: {{ .Values.agentMetadataLineExclusion | quote }}
- {{- end }}
- resources:
- requests:
- cpu: 20m
- limits:
- memory: 500Mi
- volumeMounts:
- - name: varlog
- mountPath: /var/log
- - name: vardata
- mountPath: /var/data
- - name: varliblogdna
- mountPath: {{.Values.agent.dbPath}}
- - name: varlibdockercontainers
- mountPath: /var/lib/docker/containers
- readOnly: true
- - name: mnt
- mountPath: /mnt
- readOnly: true
- - name: osrelease
- mountPath: /etc/os-release
- - name: logdnahostname
- mountPath: /etc/logdna-hostname
- volumes:
- - name: varlog
- hostPath:
- path: /var/log
- - name: vardata
- hostPath:
- path: /var/data
- - name: varliblogdna
- hostPath:
- path: {{.Values.agent.dbPath}}
- - name: varlibdockercontainers
- hostPath:
- path: /var/lib/docker/containers
- - name: mnt
- hostPath:
- path: /mnt
- - name: osrelease
- hostPath:
- path: /etc/os-release
- - name: logdnahostname
- hostPath:
- path: /etc/hostname
- tolerations:
- {{- range $val := .Values.tolerations }}
- - effect: {{ $val.effect | quote }}
- key: {{ $val.key | quote }}
- value: {{ $val.value | quote }}
- operator: {{ $val.operator | quote }}
- tolerationSeconds: {{ $val.tolerationSeconds }}
- {{- end}}
diff --git a/chart/logdna-agent/templates/priorityclass.yaml b/chart/logdna-agent/templates/priorityclass.yaml
deleted file mode 100644
index 150d6e23..00000000
--- a/chart/logdna-agent/templates/priorityclass.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: scheduling.k8s.io/v1
-kind: PriorityClass
-metadata:
- name: "{{ .Values.metadata.name }}-ds-priority"
- namespace: {{ .Release.Namespace }}
-value: 1000000
-preemptionPolicy: PreemptLowerPriority
-globalDefault: false
-description: "Logdna Agent"
diff --git a/chart/logdna-agent/templates/role.yaml b/chart/logdna-agent/templates/role.yaml
deleted file mode 100644
index 1cc2b1e5..00000000
--- a/chart/logdna-agent/templates/role.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: "{{ .Values.metadata.name }}"
- labels:
- app.kubernetes.io/name: "{{ .Values.metadata.name }}"
- app.kubernetes.io/instance: "{{ .Values.metadata.name }}"
- # Extracts the first part before '@' from .Values.image.version, ensuring it's treated as a string.
- app.kubernetes.io/version: {{ .Values.image.version | default "" | toString | splitList "@" | first }}
-rules:
- - apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get","list", "create", "watch"]
diff --git a/chart/logdna-agent/templates/rolebinding.yaml b/chart/logdna-agent/templates/rolebinding.yaml
deleted file mode 100644
index c46894be..00000000
--- a/chart/logdna-agent/templates/rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: "{{ .Values.metadata.name }}"
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: "{{ .Values.metadata.name }}"
- app.kubernetes.io/instance: "{{ .Values.metadata.name }}"
- # Extracts the first part before '@' from .Values.image.version, ensuring it's treated as a string.
- app.kubernetes.io/version: {{ .Values.image.version | default "" | toString | splitList "@" | first }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: "{{ .Values.metadata.name }}"
-subjects:
- - kind: ServiceAccount
- name: "{{ .Values.metadata.name }}"
- namespace: {{ .Release.Namespace }}
diff --git a/chart/logdna-agent/templates/scc.yaml b/chart/logdna-agent/templates/scc.yaml
deleted file mode 100644
index 65ceb899..00000000
--- a/chart/logdna-agent/templates/scc.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints" }}
-kind: SecurityContextConstraints
-apiVersion: security.openshift.io/v1
-metadata:
- annotations:
- kubernetes.io/description: |-
- hostmount-logger is similar to hostmount-anyuid, but it drops more of
- the Linux SYSCAP capabilities to reduce blast radius.
- name: "hostmount-logger-{{ .Values.metadata.name }}"
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: "{{ .Values.metadata.name }}"
- app.kubernetes.io/instance: "{{ .Values.metadata.name }}"
- # Extracts the first part before '@' from .Values.image.version, ensuring it's treated as a string.
- app.kubernetes.io/version: {{ .Values.image.version | default "" | toString | splitList "@" | first }}
-priority: 9
-allowHostDirVolumePlugin: true
-allowHostIPC: false
-allowHostNetwork: false
-allowHostPID: false
-allowHostPorts: false
-allowPrivilegeEscalation: true
-allowPrivilegedContainer: true
-allowedCapabilities:
- - DAC_READ_SEARCH
-defaultAddCapabilities: null
-fsGroup:
- type: RunAsAny
-groups: []
-readOnlyRootFilesystem: false
-requiredDropCapabilities:
- - MKNOD
- - FSETID
- - KILL
- - NET_BIND_SERVICE
- - NET_RAW
-runAsUser:
- type: RunAsAny
-seLinuxContext:
- type: MustRunAs
- seLinuxOptions:
- type: container_logreader_t
-supplementalGroups:
- type: RunAsAny
-users:
- - "system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.metadata.name }}"
-volumes:
- - configMap
- - downwardAPI
- - emptyDir
- - hostPath
- - nfs
- - persistentVolumeClaim
- - projected
- - secret
-{{- end }}
diff --git a/chart/logdna-agent/templates/secret.yaml b/chart/logdna-agent/templates/secret.yaml
deleted file mode 100644
index 512f6640..00000000
--- a/chart/logdna-agent/templates/secret.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-data:
- logdna-agent-key: '{{ required "LogDNA Ingest key must be provided" .Values.secret.key | b64enc }}'
-kind: Secret
-metadata:
- name: {{ .Values.secret.name }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ .Values.metadata.name }}
- app.kubernetes.io/instance: {{ .Values.metadata.name }}
- # Extracts the first part before '@' from .Values.image.version, ensuring it's treated as a string.
- app.kubernetes.io/version: {{ .Values.image.version | default "" | toString | splitList "@" | first }}
-type: Opaque
diff --git a/chart/logdna-agent/templates/serviceaccount.yaml b/chart/logdna-agent/templates/serviceaccount.yaml
deleted file mode 100644
index b2d3ff88..00000000
--- a/chart/logdna-agent/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "{{ .Values.metadata.name }}"
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: "{{ .Values.metadata.name }}"
- app.kubernetes.io/instance: "{{ .Values.metadata.name }}"
- # Extracts the first part before '@' from .Values.image.version, ensuring it's treated as a string.
- app.kubernetes.io/version: {{ .Values.image.version | default "" | toString | splitList "@" | first }}
diff --git a/chart/logdna-agent/values.yaml b/chart/logdna-agent/values.yaml
deleted file mode 100644
index 43408abf..00000000
--- a/chart/logdna-agent/values.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-# NOTE: Mock values added here for helm linter to pass. Actual values are set in main.tf
-metadata:
- name: "logdna-agent"
-image:
- repository: "ext/logdna-agent"
- registry: icr.io
-env:
- host: "logs.private.us-south.logging.cloud.ibm.com"
-secret:
- name: "log-analysis-agent"
- key: "XXX"
-agent:
- tags: ""
- dbPath: "/var/lib/logdna"