added self monitoring for logstash

4207353e · Natalia Szakiel · 61cf25d0 · 4207353e · 4207353e
Commit 4207353e authored 8 months ago by Natalia Szakiel
--- a/templates/elasticsearch.yaml
+++ b/templates/elasticsearch.yaml
@@ -8,8 +8,10 @@ spec:
  auth:
    roles:
    - secretName: logstash-writer-role-secret
+    - secretName: user-monitoring-role-secret
    fileRealm:
    - secretName: logstash-writer-secret
+    - secretName: user-monitoring-secret
  nodeSets:
  {{- range .Values.elasticsearch.nodeSets }}
  - name: {{ .name }}
@@ -140,6 +142,63 @@ stringData:
      - names: [ '*' ]
        privileges:  ["read","write","create","create_index","manage","manage_ilm"]
 ---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: user-monitoring-secret
+type: kubernetes.io/basic-auth
+data:
+  username: {{ "monitoring_user" | b64enc }}
+  {{- if .Release.IsInstall }}
+  password: {{ randAlphaNum 20 | b64enc }}
+  {{ else }}
+  password:  {{ index (lookup "v1" "Secret" .Release.Namespace "user-monitoring-secret").data "password" }}
+  {{ end }}
+  roles: {{ "user-monitoring-role" | b64enc }}
+---
+kind: Secret
+apiVersion: v1
+metadata:
+  name: user-monitoring-role-secret
+stringData:
+  roles.yml: |-
+    user-monitoring-role:
+      cluster:
+          - monitor
+          - manage_index_templates
+          - manage_ingest_pipelines
+          - manage_ilm
+          - read_ilm
+          - manage
+          - cluster:admin/xpack/watcher/watch/put
+          - cluster:admin/xpack/watcher/watch/delete
+      indices:
+          - names:
+              - .monitoring-*
+            privileges:
+              - all
+          - names:
+              - .ds-*
+            privileges:
+              - all              
+          - names:
+              - metricbeat-*
+            privileges:
+              - manage
+              - read
+              - create_doc
+              - view_index_metadata
+              - create_index
+          - names:
+              - filebeat-*
+            privileges:
+              - manage
+              - read
+              - create_doc
+              - view_index_metadata
+              - create_index
+      applications: []
+---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:

--- a/templates/logstash_beats.yaml
+++ b/templates/logstash_beats.yaml
@@ -34,7 +34,14 @@ spec:
          selector:
            statefulset.kubernetes.io/pod-name: logstash-beats-ls-{{$index}}
 {{- end}}
-  config: 
+  config:
+    logstash.yml: |
+      http.host: "0.0.0.0"
+      xpack.monitoring.enabled: true
+      xpack.monitoring.elasticsearch.hosts: ["${ELASTIC_ELASTICSEARCH_ES_HOSTS}"]
+      xpack.monitoring.elasticsearch.username: "${MONITORING_USER}"
+      xpack.monitoring.elasticsearch.password: "${MONITORING_PASSWORD}"
+      xpack.monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/certs/ca.crt
    {{- with .Values.logstash.config }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
@@ -69,7 +76,17 @@ spec:
            valueFrom:
              secretKeyRef:
                name: logstash-writer-secret
-                key: password 
+                key: password
+          - name: MONITORING_USER
+            valueFrom:
+              secretKeyRef:
+                name: user-monitoring-secret
+                key: username
+          - name: PASSWORD_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: user-monitoring-secret
+                key: password  
          - name: ELASTIC_ELASTICSEARCH_ES_HOSTS
            value: 'https://elastic-elasticsearch-es-http.{{ .Release.Namespace }}.svc:9200'
          - name: ELASTICSEARCH_SSL_CERTIFICATE_VERIFICATION