@mikejk8s
Created November 13, 2017 21:41
Trying to resize GKE fluentd..
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: fluentd-gcp-mj
  namespace: kube-system
  labels:
    k8s-app: fluentd-gcp-mj
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: EnsureExists
    version: v2.0
spec:
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s-app: fluentd-gcp-mj
        kubernetes.io/cluster-service: "true"
        version: v2.0
      # This annotation ensures that fluentd does not get evicted if the node
      # supports critical pod annotation based priority scheme.
      # Note that this does not guarantee admission on the nodes (#40573).
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      dnsPolicy: Default
      containers:
      - name: fluentd-gcp-mj
        image: gcr.io/google-containers/fluentd-gcp:2.0.10
        # If fluentd consumes its own logs, the following situation may happen:
        # fluentd fails to send a chunk to the server => writes it to the log =>
        # tries to send this message to the server => fails to send a chunk and so on.
        # Writing to a file, which is not exported to the back-end prevents it.
        # It also allows increasing the fluentd verbosity by default.
        # stdout is redirected first so that 2>&1 sends stderr to the file as well.
        command:
          - '/bin/sh'
          - '-c'
          - '/run.sh $FLUENTD_ARGS >>/var/log/fluentd.log 2>&1'
        env:
        - name: FLUENTD_ARGS
          value: --no-supervisor
        resources:
          limits:
            memory: 700Mi
          requests:
            cpu: 600m
            memory: 200Mi
        volumeMounts:
        - name: varlog
          mountPath: /var/log
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
        - name: libsystemddir
          mountPath: /host/lib
          readOnly: true
        - name: config-volume
          mountPath: /etc/fluent/config.d
        # Liveness probe is aimed to help in situations where fluentd
        # silently hangs for no apparent reasons until manual restart.
        # The idea of this probe is that if fluentd is not queueing or
        # flushing chunks for 5 minutes, something is not right. If
        # you want to change the fluentd configuration, reducing amount of
        # logs fluentd collects, consider changing the threshold or turning
        # liveness probe off completely.
        # The stuck threshold is read from its own STUCK_THRESHOLD_SECONDS variable.
        livenessProbe:
          initialDelaySeconds: 60
          periodSeconds: 60
          exec:
            command:
            - '/bin/sh'
            - '-c'
            - >
              LIVENESS_THRESHOLD_SECONDS=${LIVENESS_THRESHOLD_SECONDS:-300};
              STUCK_THRESHOLD_SECONDS=${STUCK_THRESHOLD_SECONDS:-900};
              if [ ! -e /var/log/fluentd-buffers ];
              then
                exit 1;
              fi;
              LAST_MODIFIED_DATE=`stat /var/log/fluentd-buffers | grep Modify | sed -r "s/Modify: (.*)/\1/"`;
              LAST_MODIFIED_TIMESTAMP=`date -d "$LAST_MODIFIED_DATE" +%s`;
              if [ `date +%s` -gt `expr $LAST_MODIFIED_TIMESTAMP + $STUCK_THRESHOLD_SECONDS` ];
              then
                rm -rf /var/log/fluentd-buffers;
                exit 1;
              fi;
              if [ `date +%s` -gt `expr $LAST_MODIFIED_TIMESTAMP + $LIVENESS_THRESHOLD_SECONDS` ];
              then
                exit 1;
              fi;
      - name: prometheus-to-sd-exporter
        image: gcr.io/google-containers/prometheus-to-sd:v0.2.2
        command:
          - /monitor
          - --component=fluentd
          - --stackdriver-prefix=container.googleapis.com/internal/addons
          - --whitelisted-metrics=logging_line_count,logging_entry_count
        volumeMounts:
        - name: ssl-certs
          mountPath: /etc/ssl/certs
      nodeSelector:
        beta.kubernetes.io/fluentd-ds-ready: "true"
      tolerations:
      - key: "node.alpha.kubernetes.io/ismaster"
        effect: "NoSchedule"
      - operator: "Exists"
        effect: "NoExecute"
      #TODO: remove this toleration once #44445 is properly fixed.
      - operator: "Exists"
        effect: "NoSchedule"
      terminationGracePeriodSeconds: 30
      volumes:
      - name: varlog
        hostPath:
          path: /var/log
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers
      - name: libsystemddir
        hostPath:
          path: /usr/lib64
      - name: config-volume
        configMap:
          name: fluentd-gcp-config-v1.1
      - name: ssl-certs
        hostPath:
          path: /etc/ssl/certs
---
This pulls a new fluentd from a GCS bucket but they were still getting launched with the old daemonset..
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
  name: download-fluentd
  namespace: kube-system
  labels:
    app: download-fluentd
spec:
  template:
    metadata:
      labels:
        app: download-fluentd
    spec:
      hostPID: true
      containers:
      - name: download-fluentd
        image: gcr.io/google-containers/startup-script:v1
        imagePullPolicy: Always
        securityContext:
          privileged: true
        env:
        - name: STARTUP_SCRIPT
          value: |
            #! /bin/bash
            set -o errexit
            set -o pipefail
            set -o nounset
            wget -q https://storage.googleapis.com/help-downloads/fluentd-gcp-ds.yaml -O /home/kubernetes/kube-manifests/kubernetes/gci-trusty/fluentd-gcp/fluentd-gcp-ds.yaml
---
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
  name: delete-fluentd
  namespace: kube-system
  labels:
    app: delete-fluentd
spec:
  template:
    metadata:
      labels:
        app: delete-fluentd
    spec:
      hostPID: true
      containers:
      - name: delete-fluentd
        image: gcr.io/google-containers/startup-script:v1
        imagePullPolicy: Always
        securityContext:
          privileged: true
        env:
        - name: STARTUP_SCRIPT
          value: |
            #! /bin/bash
            set -o errexit
            set -o pipefail
            set -o nounset
            # -f keeps the loop running under errexit when the file is already gone.
            while :; do rm -f /home/kubernetes/kube-manifests/kubernetes/gci-trusty/fluentd-gcp/fluentd-gcp-ds.yaml; sleep 1; done
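
The liveness probe of the `fluentd-gcp-mj` DaemonSet above, as an added example that is not part of the gist or of the Kubernetes add-on: the same three-way decision written as a shell function and run against constructed buffer directories. It assumes GNU `stat` and `touch` and a stuck threshold read from its own `STUCK_THRESHOLD_SECONDS` variable; `probe` and `make_buffers` are names chosen here.

```bash
#!/usr/bin/env bash
# Added example (not the gist's code). Assumes GNU stat/touch.
# probe DIR -> prints missing|stuck|stale|healthy; non-zero unless healthy.
probe() {
  local dir="$1" live stuck age
  live=${LIVENESS_THRESHOLD_SECONDS:-300}
  stuck=${STUCK_THRESHOLD_SECONDS:-900}   # assumption: its own variable
  if [ ! -e "$dir" ]; then
    echo missing; return 1
  fi
  age=$(( $(date +%s) - $(stat -c %Y "$dir") ))
  if [ "$age" -gt "$stuck" ]; then
    # Same action as the probe: wipe the buffers, dropping unsent chunks.
    rm -rf "$dir"
    echo stuck; return 1
  fi
  if [ "$age" -gt "$live" ]; then
    echo stale; return 1
  fi
  echo healthy
}

# make_buffers AGE -> path of a constructed directory last modified AGE seconds ago.
make_buffers() {
  local d
  d=$(mktemp -d)
  touch -d "@$(( $(date +%s) - $1 ))" "$d"
  echo "$d"
}

demo() {
  local age d verdict
  for age in 10 400 1000; do
    d=$(make_buffers "$age")
    verdict=$(probe "$d") || true
    if [ -e "$d" ]; then
      echo "idle ${age}s: $verdict, buffers kept"
    else
      echo "idle ${age}s: $verdict, buffers removed"
    fi
    rm -rf "$d"
  done
  # With both thresholds equal, every stale result also wipes the buffers.
  d=$(make_buffers 400)
  echo "idle 400s, stuck=300: $(STUCK_THRESHOLD_SECONDS=300 probe "$d")"
}
demo
```

The `stuck` branch is the only one that changes state on the node: it deletes buffered chunks that were never shipped, so those log lines are lost.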