312 lines
8.2 KiB
Plaintext
312 lines
8.2 KiB
Plaintext
---
|
|
####### Cairn plugin
|
|
# log collection
|
|
# https://vector.dev/docs/setup/installation/platforms/kubernetes/
|
|
# https://github.com/timberio/vector/blob/master/distribution/kubernetes/vector-agent/resources.yaml
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: cairn-vector
|
|
labels:
|
|
app.kubernetes.io/name: cairn-vector
|
|
automountServiceAccountToken: true
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: cairn-vector
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- pods
|
|
verbs:
|
|
- watch
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: cairn-vector
|
|
labels:
|
|
app.kubernetes.io/name: cairn-vector
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: cairn-vector
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: cairn-vector
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: cairn-vector
|
|
labels:
|
|
app.kubernetes.io/name: cairn-vector
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
name: cairn-vector
|
|
template:
|
|
metadata:
|
|
labels:
|
|
name: cairn-vector
|
|
spec:
|
|
serviceAccountName: cairn-vector
|
|
# Run vector next to LMS
|
|
affinity:
|
|
podAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchExpressions:
|
|
- key: app.kubernetes.io/name
|
|
operator: In
|
|
values:
|
|
- lms
|
|
topologyKey: kubernetes.io/hostname
|
|
containers:
|
|
- name: cairn-vector
|
|
image: docker.io/timberio/vector:0.13.X-alpine
|
|
env:
|
|
- name: VECTOR_SELF_NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
- name: VECTOR_SELF_POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
- name: VECTOR_SELF_POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: PROCFS_ROOT
|
|
value: /host/proc
|
|
- name: SYSFS_ROOT
|
|
value: /host/sys
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /var/lib/vector
|
|
- name: var-log
|
|
mountPath: /var/log/
|
|
readOnly: true
|
|
- mountPath: /etc/vector/vector.toml
|
|
name: config
|
|
subPath: k8s.toml
|
|
readOnly: true
|
|
volumes:
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: cairn-vector
|
|
- name: var-log
|
|
hostPath:
|
|
path: /var/log/
|
|
- name: config
|
|
configMap:
|
|
name: cairn-vector-config
|
|
{% if CAIRN_RUN_CLICKHOUSE %}
|
|
---
|
|
# data storage
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: cairn-clickhouse
|
|
labels:
|
|
app.kubernetes.io/name: cairn-clickhouse
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: cairn-clickhouse
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: cairn-clickhouse
|
|
spec:
|
|
containers:
|
|
- name: cairn-clickhouse
|
|
image: {{ CAIRN_CLICKHOUSE_DOCKER_IMAGE }}
|
|
volumeMounts:
|
|
- mountPath: /var/lib/clickhouse
|
|
name: data
|
|
- mountPath: /etc/clickhouse-server/users.d/cairn.xml
|
|
name: user-config
|
|
subPath: cairn.xml
|
|
- mountPath: /scripts/clickhouse-auth.json
|
|
name: clickhouse-auth
|
|
subPath: auth.json
|
|
ports:
|
|
- containerPort: 8123
|
|
- containerPort: 9000
|
|
volumes:
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: cairn-clickhouse
|
|
- name: user-config
|
|
configMap:
|
|
name: cairn-clickhouse-user-config
|
|
- name: clickhouse-auth
|
|
configMap:
|
|
name: cairn-clickhouse-auth
|
|
{% endif %}
|
|
---
|
|
# cairn frontend
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: cairn-superset
|
|
labels:
|
|
app.kubernetes.io/name: cairn-superset
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: cairn-superset
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: cairn-superset
|
|
spec:
|
|
containers:
|
|
- name: cairn-superset
|
|
image: {{ CAIRN_SUPERSET_DOCKER_IMAGE }}
|
|
volumeMounts:
|
|
- mountPath: /app/superset_config.py
|
|
name: config
|
|
subPath: superset_config.py
|
|
- mountPath: /app/bootstrap/
|
|
name: bootstrap
|
|
- mountPath: /scripts/clickhouse-auth.json
|
|
name: clickhouse-auth
|
|
subPath: auth.json
|
|
volumes:
|
|
- name: config
|
|
configMap:
|
|
name: cairn-superset-config
|
|
- name: bootstrap
|
|
configMap:
|
|
name: cairn-superset-bootstrap
|
|
- name: clickhouse-auth
|
|
configMap:
|
|
name: cairn-clickhouse-auth
|
|
---
|
|
# frontend worker
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: cairn-superset-worker
|
|
labels:
|
|
app.kubernetes.io/name: cairn-superset-worker
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: cairn-superset-worker
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: cairn-superset-worker
|
|
spec:
|
|
containers:
|
|
- name: cairn-superset-worker
|
|
image: {{ CAIRN_SUPERSET_DOCKER_IMAGE }}
|
|
args: ["celery", "worker", "--app=superset.tasks.celery_app:app", "-Ofair", "-l", "INFO"]
|
|
volumeMounts:
|
|
- mountPath: /app/superset_config.py
|
|
name: config
|
|
subPath: superset_config.py
|
|
volumes:
|
|
- name: config
|
|
configMap:
|
|
name: cairn-superset-config
|
|
---
|
|
# frontend celery beat
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: cairn-superset-worker-beat
|
|
labels:
|
|
app.kubernetes.io/name: cairn-superset-worker-beat
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: cairn-superset-worker-beat
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: cairn-superset-worker-beat
|
|
spec:
|
|
containers:
|
|
- name: cairn-superset-worker-beat
|
|
image: {{ CAIRN_SUPERSET_DOCKER_IMAGE }}
|
|
args: ["celery", "beat", "--app=superset.tasks.celery_app:app", "--pidfile", "/tmp/celerybeat.pid", "-l", "INFO", "--schedule=/tmp/celerybeat-schedule"]
|
|
volumeMounts:
|
|
- mountPath: /app/superset_config.py
|
|
name: config
|
|
subPath: superset_config.py
|
|
volumes:
|
|
- name: config
|
|
configMap:
|
|
name: cairn-superset-config
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: cairn-redis
|
|
labels:
|
|
app.kubernetes.io/name: cairn-redis
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: cairn-redis
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: cairn-redis
|
|
spec:
|
|
containers:
|
|
- name: cairn-superset-worker
|
|
image: docker.io/redis:5.0-alpine
|
|
ports:
|
|
- containerPort: 6379
|
|
{% if CAIRN_RUN_POSTGRESQL %}
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: cairn-postgresql
|
|
labels:
|
|
app.kubernetes.io/name: cairn-postgresql
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: cairn-postgresql
|
|
strategy:
|
|
type: Recreate
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: cairn-postgresql
|
|
spec:
|
|
containers:
|
|
- name: cairn-postgresql
|
|
image: docker.io/postgres:9.6-alpine
|
|
env:
|
|
- name: POSTGRES_USER
|
|
value: "{{ CAIRN_POSTGRESQL_USER }}"
|
|
- name: POSTGRES_PASSWORD
|
|
value: "{{ CAIRN_POSTGRESQL_PASSWORD }}"
|
|
- name: POSTGRES_DB
|
|
value: "{{ CAIRN_POSTGRESQL_DB }}"
|
|
# The following is required, otherwise postgresql refuses to
|
|
# write to the non-empty directory which contains "lost+found".
|
|
- name: PGDATA
|
|
value: /var/lib/postgresql/data/pgdata
|
|
ports:
|
|
- containerPort: 5432
|
|
volumeMounts:
|
|
- mountPath: /var/lib/postgresql/data
|
|
name: data
|
|
volumes:
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: cairn-postgresql
|
|
{% endif %}
|
