Update documentation for 2.2.0 #42
Conversation
Signed-off-by: Jacob Hull <jacob@planethull.com>
| ## Installing | ||
|
|
||
| The agent can be effortless installed in your cluster using a set of yamls we provide. These yamls contain the minimum necessary Kubernetes Objects and settings to run the agent. Teams should review and modify these yamls for the specific needs of their clusters. | ||
|
|
There was a problem hiding this comment.
it's a nit, but we need to say either "YAML files" or ".yml files"... can't just say "yamls". ;-)
There was a problem hiding this comment.
Updated all references to correctly specify YAML files
There was a problem hiding this comment.
"Objects" shouldn't be capitalized
There was a problem hiding this comment.
Fixed this and other capitalization errors around Kubernetes primitives.
| * [Installing](#installing) | ||
| * [Prerequisites](#prerequisites) | ||
| * [Installing on Kubernetes](#installing-on-kubernetes) | ||
| * [Deploying](#deploying) | ||
| * [Building](#building) |
There was a problem hiding this comment.
@jakedipity as we discussed in Slack, I think we need the words "installing" and "upgrading" in here somewhere. I still feel deployment is a separate act from installing and upgrading, and... SEO. ;-)
Perhaps we title this section "Installation, Upgrade, and Deployment" then do exactly as you already have in the section, link off to each of the separate files for k8s and OS.
There was a problem hiding this comment.
There's no two separate steps for deploying and installing in our documentation - they're one and the same. Deploying is a better term for it but we've been going with installing for a while.
I added some text in the install step to reference both installing and deploying.
There was a problem hiding this comment.
I'd agree with "deploying" as well. It's the whole process. Also "Running as Non-Root"? (parallel)
There was a problem hiding this comment.
Fixed the parallel issue. Leaving the Installing for now to see what @tanberry has to say
docs/README.md
Outdated
| * [Installing](#installing) | ||
| * [Prerequisites](#prerequisites) | ||
| * [Installing on Kubernetes](#installing-on-kubernetes) | ||
| * [Deploying](#deploying) | ||
| * [Building](#building) | ||
| * [Building on Linux](#building-on-linux) | ||
| * [Building on Docker](#building-on-docker) | ||
| * [Configuration](#configuration) | ||
| * [Options](#options) |
There was a problem hiding this comment.
As discussed, let's add a section here for "Run as non-root user" and then link to both files (k8s and OS).
docs/README.md
Outdated
| * `never` - Never capture Events | ||
| * __Note:__ The default option is `always` | ||
|
|
||
| > :warning: Due to a number of issues with Kubernetes, the agent collects events from the entire cluster including multiple nodes. To prevent duplicate logs when running multiple pods, the agents defer responsibilty of capturing Events to the oldest pod in the cluster. If that pod is killed, the next oldest pod will take over responsibility and continue from where the previous pod left off. |
There was a problem hiding this comment.
let's try to find a word other than "issues" here. Perhaps say something like "Doe to the native Kubernetes networking configurations, the agent collects..." or "... the default Kubernetes configuration..."
There was a problem hiding this comment.
I've updated this to directly call out the issue in question
docs/KUBERNETES.md
Outdated
|
|
||
| ## Installing | ||
|
|
||
| The agent can be effortless installed in your cluster using a set of yamls we provide. These yamls contain the minimum necessary Kubernetes Objects and settings to run the agent. Teams should review and modify these yamls for the specific needs of their clusters. |
There was a problem hiding this comment.
"can be effortlessly installed"
There was a problem hiding this comment.
Fixed by removing the subjective word
docs/KUBERNETES.md
Outdated
| * **Example Configuration Yamls:** | ||
| * [v1.x.x](https://raw.githubusercontent.com/logdna/logdna-agent/master/logdna-agent-ds.yaml) | ||
| * [v2.0.x](https://raw.githubusercontent.com/logdna/logdna-agent/master/logdna-agent-v2.yaml) | ||
| * **Differences:** This configuration does not include the new logdna-agent namespace and is lacking a number of new Kubernetes Objects. |
There was a problem hiding this comment.
Maybe "Differences with latest Agent v2"
There was a problem hiding this comment.
I think the documentation will be easier to maintain and more robust if we don't specify the current version the docs refer to.
There was a problem hiding this comment.
Agreed with @jakedipity . I'd say better to use terminology that's absolute (agent 1.x.x, 2.0.x) instead of relative "latest Agent v2"
There was a problem hiding this comment.
And "Objects" shouldn't be capitalized.
There was a problem hiding this comment.
I'm torn on this one. The fact that our docs are currently very clearly split between Agent v1 and Agent v2 docs makes it ok, even necessary, to be explicit about which one we are referring to.
Going forward, once we have the Agent names based on OS/env instead of version, I plan to bust in and quickly update the all docs to reflect that, and purge the old version-based names.
So for now... I feel we could say "Differences with previous Agent v2". BUt not a big deal either way, as readers will kow they are reading about v2.
There was a problem hiding this comment.
Fix the "Objects"
| * [v1.x.x](https://raw.githubusercontent.com/logdna/logdna-agent/master/logdna-agent-ds.yaml) | ||
| * [v2.0.x](https://raw.githubusercontent.com/logdna/logdna-agent/master/logdna-agent-v2.yaml) | ||
| * **Differences:** This configuration does not include the new logdna-agent namespace and is lacking a number of new Kubernetes Objects. | ||
| * **Upgrade Steps:** |
There was a problem hiding this comment.
It's a little unclear with sub 1. 2. etc. Can you add in some headers?
There was a problem hiding this comment.
I don't understand the ask here
There was a problem hiding this comment.
I think what he's saying is that maybe 1, 2 under "1" is unclear. I don't see that. However, a, b, c are generally used. Also for 2, I'd just say "Remove the old DaemonSet in the default namespace by running 'blah blah blah'" Better to eliminate the substep when there's only one.
I'd also go with Install the latest agent.
There was a problem hiding this comment.
oh. I think he means ordered lists with sub-steps? Like it should be:
- XXX
a. xxx
b. xxx - XXX
There was a problem hiding this comment.
ughhhh looks like markdown doesn't support that style I proposed above. That's crazy.
Well, you could use bullets for the sub-steps, though that isn't best practices in tech docs, since bullets are for items where the order doesn;t matter, and the order does matter here.
There was a problem hiding this comment.
AFAIK I can't control the notation used for lists. Fixed the unnecessary substep here and somewhere else. Changed the last step to to how you suggested.
There was a problem hiding this comment.
Yup, keeping it numbered / roman numerated for that reason
docs/KUBERNETES.md
Outdated
| ``` | ||
|
|
||
| The specific tag you should use depends on your requirements, we offer a list of tags for varying compatibility: | ||
| 1. `stable` - Updates with each major, minor, and patch version updates |
There was a problem hiding this comment.
don't we also have a latest tag?
docs/KUBERNETES.md
Outdated
| ### Enabling Journald on the Node | ||
|
|
||
| Follow the steps below to ensure journald logs are written to `/var/log/journald`: | ||
| 1. Gain root access to your node |
There was a problem hiding this comment.
by root access you mean at least global read right?
There was a problem hiding this comment.
This doesn't pertain to the agent's container and running as a non-root user. This is for administrators to directly enable journald logging on the node itsself. They will require READ+WRITE permissions for some systemd configuration files and root is the easiest option to get that.
docs/OPENSHIFT.md
Outdated
| @@ -0,0 +1,186 @@ | |||
| # LogDNA Agent on OpenShift | |||
|
|
|||
| The agent has been tested on OpenShift 4.4, but should be compatible with any OpenShift cluster packaged with Kubernetes version 1.9 or greater. | |||
There was a problem hiding this comment.
let's just recommend on OpenShift 4.4+ — because the customer doesn't care if you've tested or not, just a guarantee that it works with X version
There was a problem hiding this comment.
Sounds good, also this should be 4.6 and not 4.4
docs/OPENSHIFT.md
Outdated
|
|
||
| ## Installing | ||
|
|
||
| The agent can be effortless installed in your cluster using a set of yamls we provide. These yamls contain the minimum necessary OpenShift Objects and settings to run the agent. Teams should review and modify these yamls for the specific needs of their clusters. |
There was a problem hiding this comment.
yeah true... we need to avoid subjective words like "effortless" and "easy" and "fast."
docs/OPENSHIFT.md
Outdated
| ``` | ||
|
|
||
| The specific tag you should use depends on your requirements, we offer a list of tags for varying compatibility: | ||
| 1. `stable` - Updates with each major, minor, and patch version updates |
docs/README.md
Outdated
|
|
||
| ### Preamble | ||
| The agent has been tested for deployment to Kubernetes 1.9+ and OpenShift 4.6+ environments. |
There was a problem hiding this comment.
let's say something along the lines of "this agent supports X version"
| @@ -97,7 +81,7 @@ The resulting image can be found by listing the images: | |||
| ```console | |||
| foo@bar:~$ docker images | |||
| REPOSITORY TAG IMAGE ID CREATED SIZE | |||
| <none> <none> f541543bcd7f 64 seconds ago 119MB | |||
| logdna-agent-v2 dcd54a0 e471b3d8a409 22 seconds ago 135MB | |||
| ``` | |||
|
|
|||
| ## Configuration | |||
There was a problem hiding this comment.
can you add a third column title? also the spacing can be changed so that the second column has more width
There was a problem hiding this comment.
Added more width, but didn't understand what you meant with the first ask
There was a problem hiding this comment.
Well, I'd say we just show what appears when you run the command...
docs/README.md
Outdated
|
|
||
| * A LogDNA Account. Create an account with LogDNA by following our [quick start guide](https://docs.logdna.com/docs/logdna-quick-start-guide). | ||
| * A LogDNA Ingestion Key. You can get your ingestion key at the top of [your account's Add a Log Source page](https://app.logdna.com/pages/add-host). | ||
| ### More Information |
There was a problem hiding this comment.
Thanks for adding in mention of "non-root" here.
For the title, maybe "Additional Installation Options"?
Tho... journald... is that really an install option or a configuration option? I'm not sure why journald gets listed here but not Lookback, for example?
There was a problem hiding this comment.
I went with your first suggestion of raising the non-root section directly. It does seem like an important feature for cluster maintainers so I do see the case for raising it directly in the landing page documentation.
The configuration section of the Journald feature is environment agnostic and only talks about the feature as it pertains to the agent. If you understand how journald works, you can use that information to do whatever they want with the feature.
The environment specific journald setup instructions talk about how to actually enable journald in their perspective environments. They're actual instructions.
docs/OPENSHIFT.md
Outdated
|
|
||
| ## Installing | ||
|
|
||
| The agent can be effortless installed in your cluster using a set of yamls we provide. These yamls contain the minimum necessary OpenShift Objects and settings to run the agent. Teams should review and modify these yamls for the specific needs of their clusters. |
There was a problem hiding this comment.
yeah true... we need to avoid subjective words like "effortless" and "easy" and "fast."
jakedipity
force-pushed
the
docs
branch
2 times, most recently
from
32d37b8 to
81cc8de
Compare
…iles` 2. Removed the screenshot from `docs/README.md` 3. Add back section for running as non-root to `docs/README.md` 4. Updated the reference to Kubernetes issues to specifically outline the "won't fix" bug 5. Add `latest` to list of tags 6. Keep OpenShift support info simple: agent supports 4.6 7. Remove subjective word: `effortlessly` 8. Fix some typos and other issues Signed-off-by: Jacob Hull <jacob@planethull.com>
docs/KUBERNETES.md
Outdated
|
|
||
| ### Installation Steps | ||
|
|
||
| 1. Navigate to the root directory of the cloned `logdna-agent` repository. |
docs/KUBERNETES.md
Outdated
| logdna-agent-hcvhn 1/1 Running 0 10s | ||
| ``` | ||
|
|
||
| > :warning: By default the agent will run as root. To run the agent as a non-root user, check out the [run as non-root section](#run-as-non-root). |
There was a problem hiding this comment.
I'd write "refer to "Run as Non-Root" below" (prob bad markup. @tanberry ?
There was a problem hiding this comment.
Thought it sounded too casual, fixed.
docs/KUBERNETES.md
Outdated
|
|
||
| ## Upgrading | ||
|
|
||
| There are two components that can be upgraded independent of each other for each new version of the agent. While not strictly required, we always recommend upgrading both components together. |
There was a problem hiding this comment.
There are two components--blah and blah--that can be... ? And "independently" I believe.
There was a problem hiding this comment.
I list the components now and fixed the spelling mistake
docs/KUBERNETES.md
Outdated
|
|
||
| There are two components that can be upgraded independent of each other for each new version of the agent. While not strictly required, we always recommend upgrading both components together. | ||
|
|
||
| ### Upgrading the Configuration |
There was a problem hiding this comment.
"the Agent Configuration"? "your Configuration"? Not a fan of "the"
There was a problem hiding this comment.
Agent feels heavily implied at this point. Changed "the" to "your"; makes sense as these are direct instructions for the reader.
docs/KUBERNETES.md
Outdated
|
|
||
| ### Upgrading the Configuration | ||
|
|
||
| Not every version update of the agent makes a change to our supplied configuration YAML files. These changes will be outlined in our release page to help you determine if you need to update your configuration. |
There was a problem hiding this comment.
"requires a change"? "results in a change"? I'd also say "If there are changes, they will be outlined..." (and point to the release page)
docs/KUBERNETES.md
Outdated
|
|
||
| Not every version update of the agent makes a change to our supplied configuration YAML files. These changes will be outlined in our release page to help you determine if you need to update your configuration. | ||
|
|
||
| Due to how the agent has evolved over time, certain versions of the agent configuration YAML files require different paths to be updated successfully. |
There was a problem hiding this comment.
"different steps?" And maybe "Depending on which version of the agent you're using, different steps are required to update it" or something similar? And I hate to add a bunch of comments, so below is it "version of the configuration" or "version of the agent?"
I see what we're trying to say here. Perhaps "YAML files for older versions of our agent" or something below?
There was a problem hiding this comment.
Simplified the statement per your example. Not sure what reference to version is confusing, they all seem to point to the version of the configuration.
| @@ -97,7 +81,7 @@ The resulting image can be found by listing the images: | |||
| ```console | |||
| foo@bar:~$ docker images | |||
| REPOSITORY TAG IMAGE ID CREATED SIZE | |||
| <none> <none> f541543bcd7f 64 seconds ago 119MB | |||
| logdna-agent-v2 dcd54a0 e471b3d8a409 22 seconds ago 135MB | |||
| ``` | |||
|
|
|||
| ## Configuration | |||
There was a problem hiding this comment.
Well, I'd say we just show what appears when you run the command...
docs/README.md
Outdated
| @@ -125,12 +119,14 @@ The agent accepts configuration from two sources, environment variables and a co | |||
| |`LOGDNA_INCLUSION_RULES`<br>**Deprecated**: `LOGDNA_INCLUDE`|Comma separated list of glob patterns to includes files for monitoring <sup>1</sup>|`*.log,!(*.*)`| | |||
| |`LOGDNA_INCLUSION_REGEX_RULES`<br>**Deprecated**: `LOGDNA_INCLUDE_REGEX`|Comma separated list of regex patterns to exclude files from monitoring|| | |||
| |`LOGDNA_JOURNALD_PATHS`|Comma separated list of paths (directories or files) of journald paths to monitor|| | |||
| |`LOGDNA_LOOKBACK`|The lookback strategy on startup|`smallfiles`| | |||
| |`LOGDNA_LOG_K8S_EVENTS`|Whether the agent shoudl capture Kubernetes Events|`always`| | |||
There was a problem hiding this comment.
"should" and I'm not sure if "events" is capitalized. Don't think so.
docs/README.md
Outdated
|
|
||
| To configure the kubernetes daemonset, copy the [logdna-agent yaml](../k8s/logdna-agent.yaml) and modify the `env` section. For example, to change the hostname add the following: | ||
| To configure the DaemonSet, make modifications to the envs section of the DameonSet [`spec.template.spec.containers.0.env`]. For example, to change the hostname add the following environment variable to the `env` list: |
There was a problem hiding this comment.
"modify " instead of "make modifications to"
There was a problem hiding this comment.
sorry. I'm so used to trying to meet those minimum word counts :D
docs/README.md
Outdated
|
|
||
| Beginning with version 2.2 of the agent, the Dockerfile supports running the agent as a non-root user. This behavior; however, is not the default as to make the new version backwards compatible with old versions of the agent yamls. Make the following changes to your DaemonSet to run the agent as non-root: | ||
| The lookback strategy determines how the agent handles existing container logs on startup. This strategy is determined by `LOGDNA_LOOKBACK`. There's a limited set of valid values for this option: |
There was a problem hiding this comment.
I'd eliminate "there's a limited set" - it sounds like a weakness that way.
There was a problem hiding this comment.
Removed most traces of weakness 💪
docs/README.md
Outdated
|
|
||
| ### Configuring Events | ||
|
|
||
| Kubernetes and OpenShift Events are by default automatically captured by the agent. This feature can be controlled by the `LOGDNA_LOG_K8S_EVENTS` option with only two valid values: |
There was a problem hiding this comment.
You can control this with the following values for the 'LOGDNA_LOG_K8S_EVENTS option:
Signed-off-by: Jacob Hull <jacob@planethull.com>
Signed-off-by: Jacob Hull <jacob@planethull.com>
Signed-off-by: Jacob Hull <jacob@planethull.com>
Signed-off-by: Jacob Hull <jacob@planethull.com>
Signed-off-by: Jacob Hull <jacob@planethull.com>
docs/KUBERNETES.md
Outdated
| ## Upgrading | ||
|
|
||
| There are two components that can be upgraded independent of each other for each new version of the agent. While not strictly required, we always recommend upgrading both components together. | ||
|
|
There was a problem hiding this comment.
We definitely need to state what those two components are, by their names.
Otherwise, we leave the reader hanging, perhaps anxiously. ;)
There was a problem hiding this comment.
This is why I rarely got better than a B+ on my college essays :). fixed
| #### Upgrading from Configuration v1.x.x or v2.0.x | ||
|
|
||
| * **Example Configuration Yamls:** | ||
| * [v1.x.x](https://raw.githubusercontent.com/logdna/logdna-agent/master/logdna-agent-ds.yaml) |
There was a problem hiding this comment.
ah sorry, my search function was case sensitive :P. fixed
docs/KUBERNETES.md
Outdated
| * **Example Configuration Yamls:** | ||
| * [v1.x.x](https://raw.githubusercontent.com/logdna/logdna-agent/master/logdna-agent-ds.yaml) | ||
| * [v2.0.x](https://raw.githubusercontent.com/logdna/logdna-agent/master/logdna-agent-v2.yaml) | ||
| * **Differences:** This configuration does not include the new logdna-agent namespace and is lacking a number of new Kubernetes Objects. |
There was a problem hiding this comment.
I'm torn on this one. The fact that our docs are currently very clearly split between Agent v1 and Agent v2 docs makes it ok, even necessary, to be explicit about which one we are referring to.
Going forward, once we have the Agent names based on OS/env instead of version, I plan to bust in and quickly update the all docs to reflect that, and purge the old version-based names.
So for now... I feel we could say "Differences with previous Agent v2". BUt not a big deal either way, as readers will kow they are reading about v2.
| * [v1.x.x](https://raw.githubusercontent.com/logdna/logdna-agent/master/logdna-agent-ds.yaml) | ||
| * [v2.0.x](https://raw.githubusercontent.com/logdna/logdna-agent/master/logdna-agent-v2.yaml) | ||
| * **Differences:** This configuration does not include the new logdna-agent namespace and is lacking a number of new Kubernetes Objects. | ||
| * **Upgrade Steps:** |
There was a problem hiding this comment.
oh. I think he means ordered lists with sub-steps? Like it should be:
- XXX
a. xxx
b. xxx - XXX
| * [v1.x.x](https://raw.githubusercontent.com/logdna/logdna-agent/master/logdna-agent-ds.yaml) | ||
| * [v2.0.x](https://raw.githubusercontent.com/logdna/logdna-agent/master/logdna-agent-v2.yaml) | ||
| * **Differences:** This configuration does not include the new logdna-agent namespace and is lacking a number of new Kubernetes Objects. | ||
| * **Upgrade Steps:** |
There was a problem hiding this comment.
ughhhh looks like markdown doesn't support that style I proposed above. That's crazy.
Well, you could use bullets for the sub-steps, though that isn't best practices in tech docs, since bullets are for items where the order doesn;t matter, and the order does matter here.
docs/KUBERNETES.md
Outdated
|
|
||
| ## Run as Non-Root | ||
|
|
||
| By default the agent is configured to run as root. If this behavior is not desired, the DaemonSet can be modified to run the agent as a non-root user. |
There was a problem hiding this comment.
Add "user" to the first sentence, please.
"By default the agent is configured to run as root user."
Also, let's sepecify exactly where/which DaemonSet needs to be modified... I got a bit confused in third paragraph between the "local configuration file" and the "DaemonSet inside of `k8s/agent-resources.yaml".
There was a problem hiding this comment.
Already talked about this bit in a DM, but just sharing here again:
That change would imply the existence of multiple root users when in fact there's just one and it's generally referred to by as just root.
Also removed the reference to local configuration file to make it less confusing
docs/KUBERNETES.md
Outdated
|
|
||
| By default the agent is configured to run as root. If this behavior is not desired, the DaemonSet can be modified to run the agent as a non-root user. | ||
|
|
||
| This is accomplished through Linux Capabilities that makes the agent a "Capability-dumb binary." Specifically, the agent is only allowed global read access with `CAP_DAC_READ_SEARCH`. This capability is already baked into the image and configuration. The only required step is configuring the agent DaemonSet to run as the user and group `5000:5000`. |
There was a problem hiding this comment.
I did a ton of googling on whether or not Capabilities should be capitalized, and it looks like No.
There was a problem hiding this comment.
Appreciate the thoroughness and accuracy! fixed
| This is accomplished through Linux Capabilities that makes the agent a "Capability-dumb binary." Specifically, the agent is only allowed global read access with `CAP_DAC_READ_SEARCH`. This capability is already baked into the image and configuration. The only required step is configuring the agent DaemonSet to run as the user and group `5000:5000`. | ||
|
|
||
| To update the local configuration file, add two new fields, `runAsUser` and `runAsGroup`, to the `securityContext` section found in the `logdna-agent` container in the `logdna-agent` DaemonSet inside of `k8s/agent-resources.yaml` [`spec.template.spec.containers.0.securityContext`]: | ||
|
|
There was a problem hiding this comment.
So is this what they want to end up with?
++++
securityContext:
capabilities:
add:
- DAC_READ_SEARCH
- runAsUser
- runAsGroup
drop:
- all
There was a problem hiding this comment.
I'm hesitant to reference what the updated yaml will look like. This doesn't take into account what the customer might have added themselves and is likely to fall behind as new changes are made to the yamls. But I also understand why it's helpful to have it.
There was a problem hiding this comment.
beta yaml update @c-nixon
docs/README.md
Outdated
|
|
||
| Add two new fields, `runAsUser` and `runAsGroup`, to the `securityContext` section found in the `logdna-agent` container in the `logdna-agent` DaemonSet [`spec.template.spec.containers.0.securityContext`]: | ||
| * `start` - Always start at the beginning of the files. |
There was a problem hiding this comment.
We need to tell them where they add the desired value. Is it in the YAML file?
There was a problem hiding this comment.
The section above, Configuring the Environment tells them where and how to make their changes.
docs/README.md
Outdated
| * `start` - Always start at the beginning of the files. | ||
| * `smallfiles` - If the file is less than 8KiB, start at the beginning. Otherwise, start at the end. | ||
| * `none` - Always start at the end of the files. | ||
| * __Note:__ The default option is `smallfiles` |
There was a problem hiding this comment.
This sentence doesn't work for my brain. Do you mean "When the agent restarts, begin tailing at the point-in-time ..."??
There was a problem hiding this comment.
You kind of have to combine the information here with the statement above: The lookback strategy determines how the agent handles existing files on startup.
So on startup the agent will either tail from the beginning of a file, the end of a file, or by the 8KiB heuristic.
docs/README.md
Outdated
| * `never` - Never capture events | ||
| * __Note:__ The default option is `always` | ||
|
|
||
| > :warning: Due to a ["won't fix" bug in the Kubernetes API](https://github.com/kubernetes/kubernetes/issues/41743), the agent collects events from the entire cluster including multiple nodes. To prevent duplicate logs when running multiple pods, the agents defer responsibilty of capturing events to the oldest pod in the cluster. If that pod is killed, the next oldest pod will take over responsibility and continue from where the previous pod left off. |
There was a problem hiding this comment.
Consider this rewrite:
"Due to a "won't fix" bug in the Kubernetes API, the LogDNA agent collects events from the entire cluster, including multiple nodes. To prevent duplicate logs when running multiple pods, the LogDNA agents on each pod defer responsibility of capturing events to the agent on the oldest pod in the cluster. If that pod is down, the LogDNA agent on the next oldest pod will take over responsibility and continue from where the previous pod left off.
There was a problem hiding this comment.
Made this change mostly, made some slight tweaks:
the LogDNA agents on each pod=>the LogDNA agent podsthe LogDNA agent on the next oldest pod=>the next oldest LogDNA agent pod
I understand the distinction you're trying to make. I think these changes weed out some wordiness and keep the same distinctions :). lmk what you think
| ### Configuring Events | ||
|
|
||
| Kubernetes and OpenShift events are by default automatically captured by the agent. This feature can be controlled by the `LOGDNA_LOG_K8S_EVENTS` option with only two valid values: | ||
|
|
There was a problem hiding this comment.
Consider this instead, which highlights the "by default"part and avoids passive voice:
"By default, the LogDNA agent captures Kubernetes events (and Openshift events, as well, since Openshift is built on Kubernetes clusters).
To control whether the LogDNA agent collects Kubernetes events, configure the LOGDNA_LOG_K8S_EVENTS option using one of these two values:"
+++++
Also, we need to tell readers WHERE to configure the LOGDNA_LOG_K8S_EVENTS option.
There was a problem hiding this comment.
@jakedipity where exactly do they configure the LOGDNA_LOG_K8S_EVENTS option? Is in the logdna.yaml file? I couldn't find it there.
There was a problem hiding this comment.
Yeh, it's in the k8s yaml env section, I think this should be fairly intuitive based on how the rest of the configuration is done
| Take a look at enabling journald monitoring for [Kubernetes](KUBERNETES.md#collecting-node-journald-logs) or [OpenShift](OPENSHIFT.md#collecting-node-journald-logs). | ||
|
|
||
| ### Configuring Events | ||
|
|
There was a problem hiding this comment.
Let's add a bit about what the Kube Events resource is:
"A Kubernetes event is exactly what it sounds like: a resource type that is automatically generated when state changes occur in other resources, or when errors or other messages manifest across the system. Monitoring events is useful for debugging your Kubernetes cluster.
There was a problem hiding this comment.
Makes sense to add and that's a very nice to read paragraph 👍
Signed-off-by: Jacob Hull <jacob@planethull.com>
Signed-off-by: Jacob Hull <jacob@planethull.com>
Signed-off-by: Jacob Hull <jacob@planethull.com>
| oc new-project logdna-agent | ||
| oc create serviceaccount logdna-agent | ||
| oc create secret generic logdna-agent-key --from-literal=logdna-agent-key=<YOUR LOGDNA INGESTION KEY> | ||
| oc adm policy add-scc-to-user privileged system:serviceaccount:logdna-agent:logdna-agent |
There was a problem hiding this comment.
Just testing if we can avoid this and get away with one of the less powerful SCCs. Watch this space
There was a problem hiding this comment.
Nope, doesn't look like it's possible, we may need a custom SCC or something. This is how fluentd does it, so at least we're not doing anything worse than they are
There was a problem hiding this comment.
@c-nixon is line 39 where the config for marking the OpenShift container as privileged? Since we didn't have time to find a better home for this info, I am going to add a Note below that in order to run as non-root, you need to verify that your OS Container is set to privileged. And I want to cross-reference this line 39.
There was a problem hiding this comment.
It always need to run as privileged, non-root or not, it's what openshift requires if you want to access the host
| ```console | ||
| kubectl apply -f k8s/agent-namespace.yaml | ||
| kubectl create secret generic logdna-agent-key -n logdna-agent --from-literal=logdna-agent-key=<YOUR LOGDNA INGESTION KEY> | ||
| kubectl apply -f k8s/agent-resources.yaml |
There was a problem hiding this comment.
Will we need to update this to the beta yamls? @c-nixon
| * **Upgrade Steps:** | ||
| 1. If you have changes you want to persist to the new DaemonSet, backup the old DaemonSet. | ||
| 1. Run `kubectl get daemonset -o yaml logdna-agent > old-logdna-agent-daemon-set.yaml`. | ||
| 2. Copy any desired changes from `old-logdna-agent-daemon-set.yaml` to the DaemonSet object in `k8s/agent-resources.yaml`. |
There was a problem hiding this comment.
Another one for the beta yaml? @c-nixon
| 1. If you have changes you want to persist to the new DaemonSet, backup the old DaemonSet. | ||
| 1. Run `kubectl get daemonset -o yaml -n logdna-agent logdna-agent > old-logdna-agent-daemon-set.yaml`. | ||
| 2. Copy any desired changes from `old-logdna-agent-daemon-set.yaml` to the DaemonSet object in `k8s/agent-resources.yaml`. | ||
| 2. Apply the latest configuration YAML file; run `kubectl apply -f k8s/agent-resources.yaml`. |
There was a problem hiding this comment.
beta yaml update @c-nixon
| Apply the updated configuration to your cluster: | ||
|
|
||
| ```console | ||
| kubectl apply -f k8s/agent-resources.yaml |
| ``` | ||
| * If you are modifying a YAML file: | ||
| 1. Add the new environment variable to the envs section of the DaemonSet object in `k8s/agent-resources.yaml` [`spec.template.spec.containers.0.env`]. | ||
| 2. Apply the new configuration file, run `kubectl apply -f k8s/agent-resources.yaml`. |
There was a problem hiding this comment.
beta yaml for 190 and 191 @c-nixon
| ``` | ||
| 3. Create the remaining resources: | ||
| ```console | ||
| oc apply -f k8s/agent-resources-openshift.yaml |
There was a problem hiding this comment.
I'm assuming the openshift yamls will be tagged with beta too @c-nixon
| * **Upgrade Steps:** | ||
| 1. If you have changes you want to persist to the new DaemonSet, backup the old DaemonSet. | ||
| 1. Run `oc get daemonset -o yaml logdna-agent > old-logdna-agent-daemon-set.yaml`. | ||
| 2. Copy any desired changes from `old-logdna-agent-daemon-set.yaml` to the DaemonSet object in `k8s/agent-resources-openshift.yaml`. |
| 1. Run `oc get daemonset -o yaml logdna-agent > old-logdna-agent-daemon-set.yaml`. | ||
| 2. Copy any desired changes from `old-logdna-agent-daemon-set.yaml` to the DaemonSet object in `k8s/agent-resources-openshift.yaml`. | ||
| 2. If you want to continue using journald, follow the steps for [enabling journald monitoring on the agent](#enabling-journald-monitoring-on-the-agent). | ||
| 3. Overwrite the DaemonSet as well as create the new OpenShift objects; run `oc apply -f k8s/agent-resources-openshift.yaml`. |
|
|
||
| This is accomplished through Linux capabilities and turning the agent binary into a "capability-dumb binary." The binary is given `CAP_DAC_READ_SEARCH` to read all files on the file system. The image already comes with this change and the necessary user and group. The only required step is configuring the agent DaemonSet to run as the user and group `5000:5000`. | ||
|
|
||
| Add two new fields, `runAsUser` and `runAsGroup`, to the `securityContext` section found in the `logdna-agent` container in the `logdna-agent` DaemonSet inside of `k8s/agent-resources-openshift.yaml` [`spec.template.spec.containers.0.securityContext`]: |
| Apply the updated configuration to your cluster: | ||
|
|
||
| ```console | ||
| oc apply -f k8s/agent-resources-openshift.yaml |
| ``` | ||
| * If you are modifying a YAML file: | ||
| 1. Add the new environment variable to the envs section of the DaemonSet object in `k8s/agent-resources-openshift.yaml` [`spec.template.spec.containers.0.env`]. | ||
| 2. Apply the new configuration file, run `oc apply -f k8s/agent-resources-openshift.yaml`. |
There was a problem hiding this comment.
177 and 178 beta yaml @c-nixon
There was a problem hiding this comment.
These ones refer to github, so they should be ok, I think it's only the cdn ones that we'll have issues with
| ### Configuring Events | ||
|
|
||
| Kubernetes and OpenShift events are by default automatically captured by the agent. This feature can be controlled by the `LOGDNA_LOG_K8S_EVENTS` option with only two valid values: | ||
|
|
There was a problem hiding this comment.
@jakedipity where exactly do they configure the LOGDNA_LOG_K8S_EVENTS option? Is in the logdna.yaml file? I couldn't find it there.
| The upgrade path for the image depends on which image tag you are using in your DaemonSet. | ||
|
|
||
| If your DaemonSet is configured with `logdna/logdna-agent:stable`, our default configuration setting, then you just need to delete the pods to trigger them to recreate and pull down the latest stable version of the logdna-agent image. | ||
|
|
There was a problem hiding this comment.
@alfeng6 I need your help clarifying what exactly the phrase "latest stable version" means. Can we point to a specific URL, or at very least use words to explain what we mean.
| kubectl apply -f https://assets.logdna.com/clients/agent-resources.yaml | ||
| ``` | ||
| * Version specific upgrade paths | ||
| * Collecting system logs through Journald | ||
|
|
||
| ## Building | ||
|
|
There was a problem hiding this comment.
Change title to be more descriptive: ##Building the Image for Agent v2.2
| REPOSITORY TAG IMAGE ID CREATED SIZE | ||
| <none> <none> f541543bcd7f 64 seconds ago 119MB | ||
| REPOSITORY TAG IMAGE ID CREATED SIZE | ||
| logdna-agent-v2 dcd54a0 e471b3d8a409 22 seconds ago 135MB | ||
| ``` |
There was a problem hiding this comment.
@c-nixon please remove the section about building on Linux (per Padilla and Stephen reviews), and make sure Docker is uppercase and has trademark symbol after the first mention. The markdown for the trademark symbol is "Docker®"
Also, please add two commands BEFORE the make build-image command... the three commands that they need to run are:
git clone https://github.com/logdna/logdna-agent-v2.git
cd logdna-agent-v2
make build image
| * [Building on Linux](#building-on-linux) | ||
| * [Building on Docker](#building-on-docker) | ||
| * [Building on Linux](#building-on-linux) | ||
| * [Building on Docker](#building-on-docker) |
There was a problem hiding this comment.
@c-nixon Please remove the whole line "Building on Linux."
| ``` | ||
| 3. Create the remaining resources: | ||
| ```console | ||
| oc apply -f k8s/agent-resources-openshift.yaml |
There was a problem hiding this comment.
@c-nixon does this yaml file name need to change, to point to Beta one?
| * **Upgrade Steps:** | ||
| 1. If you have changes you want to persist to the new DaemonSet, backup the old DaemonSet. | ||
| 1. Run `oc get daemonset -o yaml logdna-agent > old-logdna-agent-daemon-set.yaml`. | ||
| 2. Copy any desired changes from `old-logdna-agent-daemon-set.yaml` to the DaemonSet object in `k8s/agent-resources-openshift.yaml`. |
There was a problem hiding this comment.
@c-nixon here's another yaml name change?
| 1. Run `oc get daemonset -o yaml logdna-agent > old-logdna-agent-daemon-set.yaml`. | ||
| 2. Copy any desired changes from `old-logdna-agent-daemon-set.yaml` to the DaemonSet object in `k8s/agent-resources-openshift.yaml`. | ||
| 2. If you want to continue using journald, follow the steps for [enabling journald monitoring on the agent](#enabling-journald-monitoring-on-the-agent). | ||
| 3. Overwrite the DaemonSet as well as create the new OpenShift objects; run `oc apply -f k8s/agent-resources-openshift.yaml`. |
There was a problem hiding this comment.
@c-nixon another yaml file change...
| oc new-project logdna-agent | ||
| oc create serviceaccount logdna-agent | ||
| oc create secret generic logdna-agent-key --from-literal=logdna-agent-key=<YOUR LOGDNA INGESTION KEY> | ||
| oc adm policy add-scc-to-user privileged system:serviceaccount:logdna-agent:logdna-agent |
There was a problem hiding this comment.
@c-nixon is line 39 where the config for marking the OpenShift container as privileged? Since we didn't have time to find a better home for this info, I am going to add a Note below that in order to run as non-root, you need to verify that your OS Container is set to privileged. And I want to cross-reference this line 39.
| ## Run as Non-Root | ||
|
|
||
| By default the agent is configured to run as root; however, the DaemonSet can be modified to run the agent as a non-root user. | ||
|
|
There was a problem hiding this comment.
Please replace first sentence with the following (and tweak as needed):
"By default the agent is configured to run as root; however, you can modify DaemonSet in the YAML file to run the agent as a non-root user.
And please add this Note on a separate line:
- NOTE: To run as non-root, your OpenShift container must be marked as
privileged.
There was a problem hiding this comment.
You can also modify the DaemonSet directly on the cluster, without touching the YAML file, so I think it's better to leave that bit out
Signed-off-by: Jacob Hull jacob@planethull.com