Updated fluentd-cloudwatch code from PR 211

kenden · kenden · commit 9f365428cc94 · 2017-09-19T11:22:07.000+02:00
The configuration is now inside the container (from PR comment: helm#211 (comment)), I then removed the configMap holding the config. The AWS keys are added as secrets from files, using Files.Glob (from PR comment helm#211 (comment))
diff --git a/incubator/fluentd-cloudwatch/Chart.yaml b/incubator/fluentd-cloudwatch/Chart.yaml
@@ -7,10 +7,12 @@ keywords:
 - logging
 sources:
 - https://github.com/kubernetes/charts
-- https://github.com/18F/cg-deploy-kubernetes
+- https://github.com/fluent/fluentd-kubernetes-daemonset
 maintainers:
 - name: Josh Carp
   email: jm.carp@gmail.com
 - name: Michael Haselton
   email: michael.haselton@gmail.com
+- name: Quentin Nerden
+  email: quentin.nerden@stylight.com
 engine: gotpl
diff --git a/incubator/fluentd-cloudwatch/README.md b/incubator/fluentd-cloudwatch/README.md
@@ -21,6 +21,7 @@ This chart bootstraps a [Fluentd](https://www.fluentd.org/) [Cloudwatch](https:/
 To install the chart with the release name `my-release`:
 
 ```console
+$ # edit secrets/aws_access_key_id and secrets/aws_access_key_id with the key/password of a AWS user with a policy to access  Cloudwatch
 $ helm install --name my-release incubator/fluentd-cloudwatch
 ```
 
@@ -42,15 +43,15 @@ The following tables lists the configurable parameters of the Fluentd Cloudwatch
 
 | Parameter                  | Description                                | Default                                                    |
 | -------------------------- | ------------------------------------------ | ---------------------------------------------------------- |
-| `image`                    | Image                                      | `18fgsa/fluentd-cloudwatch`                                |
-| `imageTag`                 | Image tag                                  | `0.1.0`                                                    |
-| `imagePullPolicy`          | Image pull policy                          | `Always` if `imageTag` is `latest`, else `IfNotPresent`    |
+| `image`                    | Image                                      | `fluent/fluentd-kubernetes-daemonset`                                |
+| `imageTag`                 | Image tag                                  | `v0.12.33-cloudwatch`                                                    |
+| `imagePullPolicy`          | Image pull policy                          | `Always` if `imageTag` is `imagePullPolicy`    |
 | `resources.limits.cpu`     | CPU limit                                  | `100m`                                                     |
 | `resources.limits.memory`  | Memory limit                               | `200Mi`                                                    |
 | `resources.requests.cpu`   | CPU request                                | `100m`                                                     |
 | `resources.requests.memory`| Memory request                             | `200Mi`                                                    |
 | `hostNetwork`              | Host network                               | `false`                                                    |
-| `annotations`              | Annotations                                | `nil`                                                      |
+| `annotations` (removed for now) | Annotations                                | `nil`                                                      |
 | `awsRegion`                | AWS Cloudwatch region                      | `us-east-1`                                                |
 | `logGroupName`             | AWS Cloudwatch log group                   | `kubernetes`                                               |
 
@@ -67,6 +68,3 @@ Alternatively, a YAML file that specifies the values for the above parameters ca
 ```console
 $ helm install --name my-release -f values.yaml stable/fluentd-cloudwatch
 ```
-
-### ConfigMap Files
-FluentD is configured through [td-agent.conf](http://docs.fluentd.org/articles/config-file). This file (and any others listed in `tdAgentFiles`) will be mounted into the `fluentd` pod.
diff --git a/incubator/fluentd-cloudwatch/secrets/aws_access_key_id b/incubator/fluentd-cloudwatch/secrets/aws_access_key_id
@@ -0,0 +1 @@
+<AWS_ACCESS_KEY_ID>
diff --git a/incubator/fluentd-cloudwatch/secrets/aws_secret_access_key b/incubator/fluentd-cloudwatch/secrets/aws_secret_access_key
@@ -0,0 +1 @@
+<AWS_SECRET_ACCESS_KEY>
diff --git a/incubator/fluentd-cloudwatch/templates/NOTES.txt b/incubator/fluentd-cloudwatch/templates/NOTES.txt
@@ -1,6 +1,6 @@
 To verify that Fluentd Cloudwatch has started, run:
 
-  kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "fullname" . }}"
+  kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "name" . }},release={{ .Release.Name }}"
 
 THIS APPLICATION CAPTURES ALL CONSOLE OUTPUT AND FORWARDS IT TO AWS CLOUDWATCH. Anything that might be identifying,
 including things like IP addresses, container images, and object names will NOT be anonymized.
diff --git a/incubator/fluentd-cloudwatch/templates/configmap.yaml b/incubator/fluentd-cloudwatch/templates/configmap.yaml
diff --git a/incubator/fluentd-cloudwatch/templates/daemonset.yaml b/incubator/fluentd-cloudwatch/templates/daemonset.yaml
@@ -3,47 +3,51 @@ kind: DaemonSet
 metadata:
   name: {{ template "fullname" . }}
   labels:
-    app: {{ template "fullname" . }}
+    app: {{ template "name" . }}
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     heritage: "{{ .Release.Service }}"
     release: "{{ .Release.Name }}"
 spec:
-  selector:
-    matchLabels:
-      app: {{ template "fullname" . }}
   template:
     metadata:
       labels:
-        app: {{ template "fullname" . }}
+        app: {{ template "name" . }}
         release: "{{ .Release.Name }}"
       annotations:
 {{ toYaml .Values.annotations | indent 8 }}
     spec:
       containers:
-      - name: fluentd-cloudwatch
+      - name: {{ template "fullname" . }}
         image: "{{ .Values.image }}:{{ .Values.imageTag }}"
-        imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }}
-        hostNetwork: {{ default false .Values.hostNetwork }}
+        imagePullPolicy: {{ .Values.imagePullPolicy | quote }}
+        #hostNetwork: {{ default false .Values.hostNetwork }}
         env:
         - name: AWS_REGION
           value: {{ .Values.awsRegion }}
         - name: LOG_GROUP_NAME
           value: {{ .Values.logGroupName }}
+
+        - name: AWS_ACCESS_KEY_ID
+          valueFrom:
+            secretKeyRef:
+              key: aws_access_key_id
+              name: {{ template "fullname" . }}
+        - name: AWS_SECRET_ACCESS_KEY
+          valueFrom:
+            secretKeyRef:
+              key: aws_secret_access_key
+              name: {{ template "fullname" . }}
+
         resources:
 {{ toYaml .Values.resources | indent 10 }}
         volumeMounts:
-        - name: config-volume
-          mountPath: /etc/td-agent
         - name: varlog
           mountPath: /var/log
         - name: varlibdockercontainers
           mountPath: /var/lib/docker/containers
           readOnly: true
       terminationGracePeriodSeconds: 30
       volumes:
-      - name: config-volume
-        configMap:
-          name: {{ template "fullname" . }}
       - name: varlog
         hostPath:
           path: /var/log
diff --git a/incubator/fluentd-cloudwatch/templates/secrets.yaml b/incubator/fluentd-cloudwatch/templates/secrets.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "fullname" . }}
+  labels:
+    app: {{ template "name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+type: Opaque
+data:
+{{ (.Files.Glob "secrets/*").AsSecrets | indent 2 }}
diff --git a/incubator/fluentd-cloudwatch/values.yaml b/incubator/fluentd-cloudwatch/values.yaml
