[incubator/fluentd] Generalize chart to work with different backends

[goruha]

What

• Made working with environment variables flexible
• Made Fluentd be daemon set
• Remove health check
• Parametrise config mount dir
• Mount host logs into the container

Why

• Make chart be flexible enough to work with different fluentd containers (ex. fluentd-cloudwatch)
• To store secrets private
• DeamonSet allow collecting logs from all nodes
• Not all fluentd containers support health checks
• Different fluentd containers expect configs in a different paths
• Allow collecting host logs with fluentd in_tail

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: goruha
To fully approve this pull request, please assign additional approvers.
We suggest the following additional approver: prydonius

Assign the PR to them by writing /assign @prydonius in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[goruha]

/assign @prydonius

[prydonius]

/assign @rendhalver

[rendhalver]

Why are you switching this to a DaemonSet?
There is an fluentd-elasticsearch chart that does exactly this.

[goruha]

that's true.
I'd like to make chart general enough for the different use of fluentd.
there are already fluentd-elasticsearch, fluentd-clouwatch.
I use fluentd chart with datadog.
It seems to be a mistake to create a chart for each type of backend.
What do you think about?

[rendhalver]

I like the idea but if we are going to replace all three charts with one it needs to be flexible and configurable enough to do what each of those chart do already without reducing the functionality the current Charts.
I wrote this one to replace logstash in my Elastic-Stack cluster so it didn't need to be a DaemonSet or need access to node logs.

[mattfarina]

Two things...

1. If you're going to use something from the workloads api (e.g., DaemonSet) use it from the apps API group. Extensions should not be used anymore.
2. I like the idea of a fluentd chart that can have handle being installed with various backends. Yet, having different ones for each backend is ok, too. But, we should pick one way and stay consistent with it. If there is one it should cleanly handle all the cases and needs for all of them.

[rendhalver]

If the DaemonSet can be still used as part of a Service then that works for me.
We use this chart to route logs from devices outside our cluster to an ES cluster in Kube so I would like to keep that functionality.

[osterman]

(nitpick: deamonset.yaml misspelled)

[osterman]

If the DaemonSet can be still used as part of a Service then that works for me

A Service works by selecting Pods according to a selector so it's compatible with DaemonSets which create pods. A Service doesn't care (or know) how the Pods were created.

[rendhalver]

OK awesome. Thank you.

[rendhalver]

See above. You are basically turning this into the fluentd-elasticsearch chart.
If you are trying to merge these two please make these mounts optional.
There are uses for fluentd that don't involve container logs.

[goruha]

@rendhalver would it be problem if we will mount logs inside container that do not require them?
I think we need mount logs always and simplify chart install

[rendhalver]

Why?
It's two extra lines to exclude the mounts.
Not every implementation needs them and not all pods should have access to them.

[osterman]

configMap would be more clear

[goruha]

@osterman env shows that we config container with environment variables

[rendhalver]

I agree with @osterman.
Config maps are clearer.

[goruha]

@osterman @rendhalver can you provide the example of the structure that would you prefer?
I can not get what is the problem

[monotek]

Deamonsets are not really updateable as most of the fields are immutable. So using a damon set should be optional.

[goruha]

@monotek we will use https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/

[goruha]

@osterman @mattfarina @monotek @rendhalver
I addressed your comments and provide readme with examples how to use this chart with different backends.
Hope you would find chart flexible enough and ready to release

[monotek]

@goruha
I still think daemonset or deployment should be optional.
Maybe one don't wants to use it for kubernetes / docker logs but for sending app logs to the fluentd forward plugin on port 24224.
In this case 1 pod created via a deployment would be enough.

[rendhalver]

I agree with @monotek here too.
We should have the option of running as a DaemonSet or a Deployment.

[rendhalver]

This should be dependent on whether the logs are mounted.
If the pod doersn't need access to the logs if shouldn't have root access.

[rendhalver]

Why not just have one less level here and put the env vars in env.
Are you planning on putting anything else in this array?

[goruha]

@rendhalver can you provide example what structure do you prefer?

[rendhalver]

env: instead of env.open:
one less level to the data structure

[rendhalver]

Why remove this?
We have health checks for a reason.
Do we not want to know if the pods are functioning correctly before we route traffic to them?

[goruha]

Because liveness probe required config to provide the endpoint for the check.
Not all containers support such configuration.
Instead of that, I disabled supervisor mode, so pod will failed if something goes wrong.
https://github.com/kubernetes/charts/pull/5357/files#diff-6ec61ff69620bf74339bd25610e91021R20

[rendhalver]

I don't see how that achieves the same ends.

[rendhalver]

See above.

[goruha]

See above

[monotek]

Imho we should also provide 2 configmaps for optional deployment / daemonset.

If deployment is used I'm pretty sure most of the current config is unwanted.

[goruha]

I think we try to mix different purpose charts.
My suggestion is to have 2 charts

• fluentd - for fluentd as independent software (so leave this chart as is and close PR)
• fluentd_kubernetes - run fluentd to collect kubernetes logs and forward it to different backends (create a new chart with separate PR)

What do you think about ?
@monotek @osterman @mattfarina @rendhalver @prydonius

[monotek]

Imho if different fluentd images has to be used (output plugins) we should also use different charts.

[rendhalver]

We have separate charts for the different usages.
We currently have multiple charts for the logging that send to different backends.

Calling the logging chart fluentd_kubernetes isn't the best choice of name, fluentd-logging or fluentd-container-logging would be a better name and more explicitly explains what it does.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

[stale]

This issue is being automatically closed due to inactivity.