RW volume mounts #184

@Nenq

Hello,

By default, vector-operator deploys Vector agent volumes with read-write permissions. Volumes such as /var/log and /var/lib should be read-only.
My Helm chart:

image:
  repository: kaasops/vector-operator
  tag: ""
  pullPolicy: IfNotPresent

tolerations:
  - effect: NoSchedule
    key: node-role.kubernetes.io/control-plane
    operator: Exists

resources:
  limits:
    cpu: "1"
    memory: 1Gi
  requests:
    cpu: 100m
    memory: 50Mi

vector:
  enable: true
  name: "vector"
  useApiServerCache: true
  agent:
    image: timberio/vector:0.46.0-debian
    tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/control-plane
        operator: Exists
    api:
      enabled: true
    resources:
      limits:
        cpu: 2
        memory: 2Gi
      requests:
        cpu: 100m
        memory: 50Mi

Daemonset:

Name:           vector-agent
Selector:       app.kubernetes.io/component=Agent,app.kubernetes.io/instance=vector,app.kubernetes.io/managed-by=vector-operator,app.kubernetes.io/name=vector
Node-Selector:  <none>
Labels:         app.kubernetes.io/component=Agent
                app.kubernetes.io/instance=vector
                app.kubernetes.io/managed-by=vector-operator
                app.kubernetes.io/name=vector
Annotations:    deprecated.daemonset.template.generation: 1
Desired Number of Nodes Scheduled: 6
Current Number of Nodes Scheduled: 6
Number of Nodes Scheduled with Up-to-date Pods: 6
Number of Nodes Scheduled with Available Pods: 6
Number of Nodes Misscheduled: 0
Pods Status:  6 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
  Labels:           app.kubernetes.io/component=Agent
                    app.kubernetes.io/instance=vector
                    app.kubernetes.io/managed-by=vector-operator
                    app.kubernetes.io/name=vector
  Service Account:  vector-agent
  Containers:
   vector-agent:
    Image:      timberio/vector:0.46.0-debian
    Port:       9598/TCP
    Host Port:  0/TCP
    Args:
      --config-dir
      /etc/vector
      --watch-config
    Limits:
      cpu:     2
      memory:  2Gi
    Requests:
      cpu:     100m
      memory:  50Mi
    Environment:
      VECTOR_SELF_NODE_NAME:       (v1:spec.nodeName)
      VECTOR_SELF_POD_NAME:        (v1:metadata.name)
      VECTOR_SELF_POD_NAMESPACE:   (v1:metadata.namespace)
      PROCFS_ROOT:                /host/proc
      SYSFS_ROOT:                 /host/sys
    Mounts:
      /etc/vector from config (rw)
      /host/proc from procfs (rw)
      /host/sys from sysfs (rw)
      /run/log/journal from journal (rw)
      /var/lib/ from var-lib (rw)
      /var/log/ from var-log (rw)
      /vector-data-dir from data (rw)
  Volumes:
   var-log:
    Type:          HostPath (bare host directory volume)
    Path:          /var/log/
    HostPathType:  
   journal:
    Type:          HostPath (bare host directory volume)
    Path:          /var/log/journal
    HostPathType:  
   var-lib:
    Type:          HostPath (bare host directory volume)
    Path:          /var/lib/
    HostPathType:  
   config:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  vector-agent
    Optional:    false
   data:
    Type:          HostPath (bare host directory volume)
    Path:          /var/lib/vector
    HostPathType:  
   procfs:
    Type:          HostPath (bare host directory volume)
    Path:          /proc
    HostPathType:  
   sysfs:
    Type:          HostPath (bare host directory volume)
    Path:          /sys
    HostPathType:  
  Node-Selectors:  <none>
  Tolerations:     node-role.kubernetes.io/control-plane:NoSchedule op=Exists
Events:
  Type    Reason            Age   From                  Message
  ----    ------            ----  ----                  -------
  Normal  SuccessfulCreate  61s   daemonset-controller  Created pod: vector-agent-sgzvp
  Normal  SuccessfulCreate  61s   daemonset-controller  Created pod: vector-agent-d8sfp
  Normal  SuccessfulCreate  61s   daemonset-controller  Created pod: vector-agent-ktwcg
  Normal  SuccessfulCreate  61s   daemonset-controller  Created pod: vector-agent-5rpsw
  Normal  SuccessfulCreate  61s   daemonset-controller  Created pod: vector-agent-2n5jg
  Normal  SuccessfulCreate  61s   daemonset-controller  Created pod: vector-agent-dfr6z
