apiVersion: template.openshift.io/v1
kind: Template
metadata:
name: eventrouter-template
annotations:
description: "A pod forwarding kubernetes events to OpenShift Logging stack."
tags: "events,EFK,logging,cluster-logging"
objects:
- kind: ServiceAccount (1)
apiVersion: v1
metadata:
name: eventrouter
namespace: ${NAMESPACE}
- kind: ClusterRole (2)
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: event-reader
rules:
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "watch", "list"]
- kind: ClusterRoleBinding (3)
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: event-reader-binding
subjects:
- kind: ServiceAccount
name: eventrouter
namespace: ${NAMESPACE}
roleRef:
kind: ClusterRole
name: event-reader
- kind: configmap (4)
apiVersion: v1
metadata:
name: eventrouter
namespace: ${NAMESPACE}
data:
config.json: |-
{
"sink": "stdout"
}
- kind: Deployment (5)
apiVersion: apps/v1
metadata:
name: eventrouter
namespace: ${NAMESPACE}
labels:
component: "eventrouter"
logging-infra: "eventrouter"
provider: "openshift"
spec:
selector:
matchLabels:
component: "eventrouter"
logging-infra: "eventrouter"
provider: "openshift"
replicas: 1
template:
metadata:
labels:
component: "eventrouter"
logging-infra: "eventrouter"
provider: "openshift"
name: eventrouter
spec:
serviceAccount: eventrouter
containers:
- name: kube-eventrouter
image: ${IMAGE}
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: ${CPU}
memory: ${MEMORY}
volumeMounts:
- name: config-volume
mountPath: /etc/eventrouter
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumes:
- name: config-volume
configmap:
name: eventrouter
parameters:
- name: IMAGE (6)
displayName: Image
value: "registry.redhat.io/openshift-logging/eventrouter-rhel8:v0.4"
- name: CPU (7)
displayName: CPU
value: "100m"
- name: MEMORY (8)
displayName: Memory
value: "128Mi"
- name: NAMESPACE
displayName: Namespace
value: "openshift-logging" (9)