Update fluentd-gcp DaemonSet

- Use a dedicated service account to run the fluentd-gcp DS - Update prometheus-to-sd from v0.1.3 to v0.2.1 - Use the certificates in the prometheus-to-sd image rather than mounting the host certs
2025-07-23 19:56:01 +00:00 · 2017-10-18 14:58:32 -07:00 · 2017-10-18 14:58:32 -07:00 · b18edfec7a
commit b18edfec7a
parent 76f198399b
1 changed files with 10 additions and 6 deletions
--- a/cluster/addons/fluentd-gcp/fluentd-gcp-ds.yaml
+++ b/cluster/addons/fluentd-gcp/fluentd-gcp-ds.yaml
@ -1,3 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: fluentd-gcp
+  namespace: kube-system
+  labels:
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
+---
 apiVersion: extensions/v1beta1
 kind: DaemonSet
 metadata:
@ -23,6 +32,7 @@ spec:
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
+      serviceAccountName: fluentd-gcp
      dnsPolicy: Default
      hostNetwork: true
      containers:
@ -90,9 +100,6 @@ spec:
          - --stackdriver-prefix={{ prometheus_to_sd_prefix }}/addons
          - --api-override={{ prometheus_to_sd_endpoint }}
          - --whitelisted-metrics=stackdriver_successful_requests_count,stackdriver_failed_requests_count,stackdriver_ingested_entries_count,stackdriver_dropped_entries_count
-        volumeMounts:
-        - name: ssl-certs
-          mountPath: /etc/ssl/certs
      # END_PROMETHEUS_TO_SD
      nodeSelector:
        beta.kubernetes.io/fluentd-ds-ready: "true"
@ -118,6 +125,3 @@ spec:
      - name: config-volume
        configMap:
          name: fluentd-gcp-config-v1.2.2
-      - name: ssl-certs
-        hostPath:
-          path: /etc/ssl/certs