Parameters

The parent key for all of the following parameters is openshift4_logging.

See the OpenShift docs for details.

namespace

type

string
default

openshift-logging

The namespace in which to install the operator.

version

type

string
default

5.8

The logging stack version to deploy. This parameter is used in the default values for parameters channel and alerts.

We recommend that you use this parameter to specify the logging stack version which the component should deploy. However, you can still parameters channel and alerts directly.

See the OpenShift Logging life cycle documentation for supported versions of the logging stack. We recommend that you select a version of the logging stack that’s officially listed as compatible with your OpenShift version.

channel

type

string
default

stable-${openshift4_logging:version}

Channel of the operator subscription to use. If you specify the logging stack version through parameter version, you shouldn’t need to modify this parameter.

Ideally we would just default to the stable channel, as that channel will always be backed by a logging stack version compatible with the OpenShift cluster version by the OpenShift marketplace operator. However, since there’s potential for changes in configuration between logging stack versions which need to be managed through the component, we default to using the stable-6.x channel matching the version specified in parameter version.

See the OpenShift documentation for details.

alerts

` === release

type

string
default

release-${openshift4_logging:version}

Release version of the alerting rules. If you specify the logging stack version through parameter version, you shouldn’t need to modify this parameter.

The component uses this parameter to determine the version to download for both Elasticsearch Operator and fluentd alert rules.

Generally, the value for parameter alerts should match the value for parameter channel: if you specify channel: stable-5.5, you should use alerts: release-5.5.

RedHat moved the YAML file containing the alert rules between cluster-logging version 5.4 and 5.5. To ensure the component can deploy alert rules for version 5.5, we’ve implemented support for the different file locations through a lookup map in the component class. However, due to limitations of reclass, there’s no way to specify a fallback value in case the lookup map doesn’t contain a key. Because of this, the component no longer automatically supports new versions of the logging stack.

alerts.ignore

type

list
default

[]

This parameter can be used to disable alerts provided by openshift cluster-logging-operator. The component supports removing entries in this parameter by providing the entry prefixed with ~.

alerts.patch

type

dictionary
default

{}

The parameter alerts.patch allows users to customize upstream alerts.

components.lokistack

Configuration of the lokistack component. See subsections for supported keys.

components.lokistack.enabled

type

boolean
default

true

Whether to deploy the LokiStack on the cluster.

components.lokistack.internalAppLogsEnabled

type

boolean
default

true

Whether to send application logs to the internal lokistack.

components.lokistack.clusterReaderLogAccess

type

list
default 
- application
- infrastructure

A list of log categories (supported values are application, infrastructure and audit) which can be viewed by users which have cluster-reader permissions. Entries in the list can be removed in the hierarchy by prefixing them with ~.

We don’t grant access to audit logs to cluster-reader by default since audit logs can contain sensitive information.

components.lokistack.logStore

type

dictionary
default 
logStore:
  access_key_id: ''
  access_key_secret: ''
  endpoint: ''
  bucketnames: '${cluster:name}-logstore'

A dictionary holding the connection information for the s3 storage used by the lokistack.

See the Openshift Docs or Lokistack Operator Docs for available parameters.

components.lokistack.spec

type

dictionary
default 
spec:
  size: 1x.pico
  storage:
    schemas:
      - version: v13
        effectiveDate: '2022-09-01'
    secret:
      type: s3
      name: loki-logstore
  storageClassName: ''
  tenants:
    mode: openshift-logging

A dictionary holding the .spec for the LokiStack resource.

The component configures fluentd as the default log forwarder. The default chunk size limit in fluentd is 8 MiB which the burst size limit of 9 MiB accounts for. The ingestion rate defines the MiB/s limit for a tenant. OpenShift Logging uses the following three tenants:

  • application

  • audit

  • infrastructure

The max allowed volume for a tenant per day can be calculated with the following formula:

\$"volumePerDay"_"tenant" ("in GiB/s") = ("ingestionRate"_"tenant" ("in MiB/s") * 60 * 60 * 24) / 1024\$

The default of 5 MiB/s allows up to ~420 GiB of logs per day for a tenant.

See the Openshift Docs for available parameters. See the Loki Operator Docs for available Lokistack specs.

components.logmetrics

Configuration of the logfile metrics component. See subsections for supported keys.

components.logmetrics.enabled

type

boolean
default

false

Whether to deploy the LogFileMetricsExporter on the cluster.

components.logmetrics.spec

type

dictionary
default 
spec:
  nodeSelector: (1)
    node-role.kubernetes.io/infra: ''
  resources: (2)
    limits:
      cpu: 500m
      memory: 256Mi
    requests:
      cpu: 200m
      memory: 128Mi
1 configure nodeSelector
2 configure resources

Exporter to collect metrics about container logs being produced in a kubernetes environment It publishes log_logged_bytes_total metric in prometheus.

clusterLogForwarder

type

dictionary
default

{}

A dictionary holding the .spec for cluster log forwarding.

See the OpenShift docs for available parameters.

secrets

type

dict
default

{}

A dict of secrets to create in the namespace. The key is the name of the secret, the value is the content of the secret. The value must be a dict with a key stringData which is a dict of key/value pairs to add to the secret.

configMaps

type

dict
default

{}

A dict of configmaps to create in the namespace. The key is the name of the configmap, the value is the content of the configmap. The value must be a dict with a key data which is a dict of key/value pairs to add to the configmap.

operatorResources

type

dictionary
default

see defaults.yml

A dictionary holding the .spec.config.resources for OLM subscriptions maintained by this component.

Examples

Forward logs for all application logs to third-party

clusterLogForwarder:
  outputs:
    splunk-forwarder:
      type: splunk
      splunk:
        authentication:
          token:
            key: hecToken
            secretName: splunk-forwarder
        url: https://splunk-server:8088
  pipelines:
    application-logs:
      outputRefs:
        - splunk-forwarder

secrets:
  splunk-forwarder:
    type: Opaque
    stringData:
      hecToken: 'super-secret-token'

Forward logs for certain namespaces to third-party

clusterLogForwarder:
  inputs:
    my-apps:
      application:
        namespaces:
          - my-namespace
  outputs:
    splunk-forwarder:
      type: splunk
      splunk:
        authentication:
          token:
            key: hecToken
            secretName: splunk-forwarder
        url: https://splunk-server:8088
  pipelines:
    my-apps:
      inputRefs:
        - my-apps
      outputRefs:
        - splunk-forwarder

secrets:
  splunk-forwarder:
    type: Opaque
    stringData:
      hecToken: 'super-secret-token'