Newer
Older
{{- if eq .Values.namespaceTag .Values.mainNamespace }}
image: {{ .Values.logstash.image }}:{{ default .Values.elasticVersion .Values.logstash.imageTag }}
version: {{ .Values.elasticVersion }}
elasticsearchRefs:
- name: {{ .Release.Name }}-elasticsearch
clusterName: {{ .Release.Name }}-elasticsearch
monitoring:
logs:
elasticsearchRefs:
- name: {{ .Release.Name }}-elasticsearch
volumeClaimTemplates:
- metadata:
name: logstash-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.logstash.diskSpace }}
storageClassName: {{ .Values.logstash.storageClassName }}
{{- range $index := until (.Values.logstash.count_beats |int ) -}}
name: {{ $.Values.logstash.beats.pipelines_group_name }}
statefulset.kubernetes.io/pod-name: logstash-beats-ls-{{$index}}
{{- end}}
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.hosts: ["${ELASTIC_ELASTICSEARCH_ES_HOSTS}"]
xpack.monitoring.elasticsearch.username: "${MONITORING_USER}"
xpack.monitoring.elasticsearch.password: "${MONITORING_PASSWORD}"
xpack.monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/certs/ca.crt
metadata:
labels:
stack-namespace: {{ .Release.Namespace }}
securityContext:
runAsUser: 1000
fsGroup: 1000
initContainers:
- name: git-clone
image: alpine/git
args:
- clone
- --single-branch
- --branch
- {{ .Values.kibana.dashboardsBranch }}
- https://code.europa.eu/simpl/simpl-open/development/monitoring/eck-monitoring.git
- /mnt/ilm/
volumeMounts:
- name: repo
mountPath: /mnt/ilm/
command: ["/bin/sh", "-c", "cd /mnt/ilm/charts/kibana/scripts; chmod +x ./load_objects.sh; ./load_objects.sh 2>&1 "]
volumeMounts:
- name: repo
mountPath: /mnt/ilm/
- name: logstash-business-ilm-vol
mountPath: /usr/share/logstash/ilm/logstash-business-ilm.json
subPath: logstash-business-ilm.json
- name: logstash-technical-ilm-vol
mountPath: /usr/share/logstash/ilm/logstash-technical-ilm.json
- name: ELASTIC_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-elasticsearch-es-elastic-user
key: elastic
{{- with .Values.logstash.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
- name: pipeline-config-{{- .name }}
mountPath: /app/elastic/logstash/config/pipelines/{{- .name -}}.config
subPath: {{ .name -}}.config
- name: certs-logstash
mountPath: /usr/share/logstash/certs-logstash
- name: repo
mountPath: /mnt/ilm/
- name: logstash-business-ilm-vol
mountPath: /usr/share/logstash/ilm/logstash-business-ilm.json
subPath: logstash-business-ilm.json
- name: logstash-technical-ilm-vol
mountPath: /usr/share/logstash/ilm/logstash-technical-ilm.json
subPath: logstash-technical-ilm.json
mountPath: /usr/share/logstash/test/logstash-replace.sh
subPath: logstash-replace.sh
env:
- name: LS_JAVA_OPTS
value: {{ .Values.logstash.env.ls_java_opts }}
- name: LOGSTASH_USER
valueFrom:
secretKeyRef:
name: logstash-writer-secret
key: username
- name: LOGSTASH_PASSWORD
valueFrom:
secretKeyRef:
name: logstash-writer-secret
key: password
- name: MONITORING_USER
valueFrom:
secretKeyRef:
name: user-monitoring-secret
key: username
valueFrom:
secretKeyRef:
name: user-monitoring-secret
key: password
value: 'https://{{ .Release.Name }}-elasticsearch-es-http.{{ .Release.Namespace }}.svc:9200'
- name: ELASTICSEARCH_SSL_CERTIFICATE_VERIFICATION
value: "true"
- name: ELASTICSEARCH_SSL_CA_PATH
value: "/usr/share/logstash/config/certs/ca.crt"
name: logstash-{{- $.Values.logstash.beats.pipelines_group_name -}}-{{- .name -}}-config
secretName: {{ .Release.Name }}-elasticsearch-http-cert-secret-internal
- name: certs-logstash
secret:
secretName: logstash-secret-{{ .Values.logstash.beats.pipelines_group_name }}
- name: repo
emptyDir: {}
- name: logstash-business-ilm-vol
configMap:
name: logstash-business-ilm-configmap
- name: logstash-technical-ilm-vol
configMap:
name: logstash-technical-ilm-configmap
- name: logstash-test
configMap:
name: logstash-test
defaultMode: 511
secretName: logstash-{{ .Values.logstash.beats.pipelines_group_name }}-pipelines-yml
name: logstash-{{ .Values.logstash.beats.pipelines_group_name }}-pipelines-yml
{{ tpl .Values.logstash.pipelines_yml_config $ | nindent 6 | b64enc }}
name: logstash-{{ $.Values.logstash.beats.pipelines_group_name }}-{{ .name }}-config
{{- tpl .input $ | nindent 4 }}
{{- tpl .filter $ | nindent 4 }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: logstash-api-{{ .Values.logstash.beats.pipelines_group_name }}
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: 50m
external-dns.alpha.kubernetes.io/hostname: "{{ template "logstash.dns" . }},{{- include "logstash.dns.array" . | trim}}"
spec:
ingressClassName: nginx
tls:
- hosts:
- {{ template "logstash.dns" . }}
secretName: logstash-secret-{{ .Values.logstash.beats.pipelines_group_name }}
rules:
- host: {{ template "logstash.dns" . }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: logstash-{{ .Values.logstash.beats.pipelines_group_name }}-ls-api
port:
number: 9600
{{ $concatUrl := (include "logstash.dns" .) }}
{{ $prefix := (default "l" .Values.logstash.urlPrefix) }}
{{- range $index_i := until (.Values.logstash.count_beats |int ) -}}
{{- printf "\n"}}
apiVersion: v1
kind: ConfigMap
metadata:
name: tcp-services-{{ $.Values.logstash.beats.pipelines_group_name }}-{{$index_i}}
5044: "observability/logstash-{{ $.Values.logstash.beats.pipelines_group_name }}-ls-{{$index_i}}:5044"
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: logstash-{{ .Values.logstash.beats.pipelines_group_name }}
spec:
duration: {{ .Values.logstash.cert.duration }}
renewBefore: {{ .Values.logstash.cert.renewBefore }}
commonName: {{ template "logstash.dns" . }}
secretName: logstash-secret-{{ .Values.logstash.beats.pipelines_group_name }}
dnsNames:
- "{{ template "logstash.dns" . }}"
{{- range $index_i := until (.Values.logstash.count_beats |int ) }}
- "{{$prefix}}{{$index_i}}.{{$concatUrl}}"
{{- end }}
- "logstash.{{ .Values.logstash.beats.pipelines_group_name }}-ls-api.{{ .Values.namespaceTag }}.{{ .Values.domainSuffix }}"
- "logstash-{{ .Values.logstash.beats.pipelines_group_name }}-ls-api.{{ .Release.Namespace }}"
- "logstash-{{ .Values.logstash.beats.pipelines_group_name }}-ls-api.{{ .Release.Namespace }}.svc.cluster.local"
name: elk-clusterissuer
kind: ClusterIssuer
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
---
apiVersion: v1
kind: ConfigMap
metadata:
name: logstash-business-ilm-configmap
data:
logstash-business-ilm.json: |
{
"policy": {
"phases": {
"hot": {
"actions": {
"rollover": {
"max_age": "{{ .Values.logstash.ilm.business.hot.max_age }}",
"max_primary_shard_size": "{{ .Values.logstash.ilm.business.hot.max_primary_shard_size }}"
},
"set_priority": {
"priority": 100
}
},
"min_age": "0ms"
},
"delete": {
"min_age": "{{ .Values.logstash.ilm.business.delete.min_age }}",
"actions": {
"delete": {}
}
}
}
}
}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: logstash-technical-ilm-configmap
data:
logstash-technical-ilm.json: |
{
"policy": {
"phases": {
"hot": {
"actions": {
"rollover": {
"max_age": "{{ .Values.logstash.ilm.technical.hot.max_age }}",
"max_primary_shard_size": "{{ .Values.logstash.ilm.technical.hot.max_primary_shard_size }}"
},
"set_priority": {
"priority": 100
}
},
"min_age": "0ms"
},
"delete": {
"min_age": "{{ .Values.logstash.ilm.technical.delete.min_age }}",
"actions": {
"delete": {}
}
}
}
}
}
apiVersion: v1
kind: ConfigMap
metadata:
name: logstash-test
data:
sed -i 's/@{/${/g' /app/elastic/logstash/config/pipelines/beats-pipeline.config