From b18edfec7a11d379896d13567e811dd98750720d Mon Sep 17 00:00:00 2001 From: Tim Allclair Date: Wed, 18 Oct 2017 14:58:32 -0700 Subject: [PATCH] Update fluentd-gcp DaemonSet - Use a dedicated service account to run the fluentd-gcp DS - Update prometheus-to-sd from v0.1.3 to v0.2.1 - Use the certificates in the prometheus-to-sd image rather than mounting the host certs --- cluster/addons/fluentd-gcp/fluentd-gcp-ds.yaml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/cluster/addons/fluentd-gcp/fluentd-gcp-ds.yaml b/cluster/addons/fluentd-gcp/fluentd-gcp-ds.yaml index c9cc6bd558b..254fb8cd886 100644 --- a/cluster/addons/fluentd-gcp/fluentd-gcp-ds.yaml +++ b/cluster/addons/fluentd-gcp/fluentd-gcp-ds.yaml @@ -1,3 +1,12 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fluentd-gcp + namespace: kube-system + labels: + kubernetes.io/cluster-service: "true" + addonmanager.kubernetes.io/mode: Reconcile +--- apiVersion: extensions/v1beta1 kind: DaemonSet metadata: @@ -23,6 +32,7 @@ spec: annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: + serviceAccountName: fluentd-gcp dnsPolicy: Default hostNetwork: true containers: @@ -90,9 +100,6 @@ spec: - --stackdriver-prefix={{ prometheus_to_sd_prefix }}/addons - --api-override={{ prometheus_to_sd_endpoint }} - --whitelisted-metrics=stackdriver_successful_requests_count,stackdriver_failed_requests_count,stackdriver_ingested_entries_count,stackdriver_dropped_entries_count - volumeMounts: - - name: ssl-certs - mountPath: /etc/ssl/certs # END_PROMETHEUS_TO_SD nodeSelector: beta.kubernetes.io/fluentd-ds-ready: "true" @@ -118,6 +125,3 @@ spec: - name: config-volume configMap: name: fluentd-gcp-config-v1.2.2 - - name: ssl-certs - hostPath: - path: /etc/ssl/certs