├── .circleci
    └── config.yml
├── CHANGELOG.md
├── README.md
├── docs
    ├── index.md
    └── kibana.png
├── helm
    ├── g8s-efk-chart
    │   ├── .helmignore
    │   ├── Chart.yaml
    │   ├── templates
    │   │   ├── curator
    │   │   │   └── cronjob.yaml
    │   │   ├── elasticsearch
    │   │   │   ├── configmap.yaml
    │   │   │   ├── deployment.yaml
    │   │   │   ├── persistent-volume-claim.yaml
    │   │   │   ├── psp.yaml
    │   │   │   ├── rbac.yaml
    │   │   │   ├── service.yaml
    │   │   │   └── serviceaccount.yaml
    │   │   ├── fluentbit
    │   │   │   ├── configmap.yaml
    │   │   │   ├── daemonset.yaml
    │   │   │   ├── psp.yaml
    │   │   │   ├── rbac.yaml
    │   │   │   ├── service.yaml
    │   │   │   └── serviceaccount.yaml
    │   │   └── kibana
    │   │   │   ├── certs-secret.yaml
    │   │   │   ├── configmap.yaml
    │   │   │   ├── deployment.yaml
    │   │   │   ├── ingress.yaml
    │   │   │   ├── nginx-configmap.yaml
    │   │   │   ├── nginx-secret.yaml
    │   │   │   └── service.yaml
    │   └── values.yaml
    └── kubernetes-elastic-stack-elastic-logging
    │   ├── Chart.yaml
    │   ├── charts
    │       ├── elasticsearch-0.2.1.tgz
    │       ├── elasticsearch-curator-2.0.3.tgz
    │       ├── elasticsearch-exporter-0.1.0.tgz
    │       ├── fluentd-elasticsearch-0.2.2.tgz
    │       ├── keycloak-gatekeeper-1.1.1-3.tgz
    │       └── kibana-0.2.0.tgz
    │   ├── requirements.lock
    │   ├── requirements.yaml
    │   └── values.yaml
├── manifests-all.yaml
├── manifests
    ├── elasticsearch
    │   ├── 1-rbac-sa-psp.yaml
    │   ├── configmap.yaml
    │   ├── deployment.yaml
    │   ├── ingress.yaml
    │   ├── persistentvolumeclaim.yaml
    │   └── service.yaml
    ├── fluentd
    │   ├── 1-rbac-sa-psp.yaml
    │   ├── configmap.yaml
    │   └── daemonset.yaml
    └── kibana
    │   ├── configmap.yaml
    │   ├── deployment.yaml
    │   ├── ingress.yaml
    │   └── service.yaml
└── test
    ├── .gitignore
    ├── README.md
    ├── aggregate-results.sh
    ├── sharness.sh
    └── simple.t


/.circleci/config.yml:
--------------------------------------------------------------------------------
 1 | version: 2.1
 2 | orbs:
 3 |   architect: giantswarm/architect@0.1.2
 4 | 
 5 | workflows:
 6 |   package-and-push-chart-on-tag:
 7 |     jobs:
 8 |       - architect/push-to-app-catalog:
 9 |           name: "package and push elastic-logging chart"
10 |           app_catalog: "giantswarm-incubator-catalog"
11 |           app_catalog_test: "giantswarm-incubator-test-catalog"
12 |           chart: "kubernetes-elastic-stack-elastic-logging"
13 |           # Trigger job on git tag.
14 |           filters:
15 |             tags:
16 |               only: /^v.*/
17 | 


--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
 1 | # v0.2.0
 2 | Upgraded all elastic components to 7.4.0 [Release Notes](https://www.elastic.co/guide/en/elasticsearch/reference/7.4/release-notes-7.4.0.html)
 3 | 
 4 | Added curator with 3 days history
 5 | 
 6 | The following namespaces are ommited for logging:
 7 | - default
 8 | - giantswarm
 9 | - kube-node-lease
10 | - kube-public
11 | - kube-system
12 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | [![CircleCI](https://circleci.com/gh/giantswarm/kubernetes-elastic-stack.svg?style=shield)](https://circleci.com/gh/giantswarm/kubernetes-elastic-stack)
 2 | 
 3 | # Logging with Elastic in Kubernetes
 4 | 
 5 | See [docs](docs/index.md) for full recipe content.
 6 | 
 7 | 
 8 | This setup is similar to the [`Full Stack Example`](https://github.com/elastic/examples/tree/master/Miscellaneous/docker/full_stack_example), but adopted to be run on a Kubernetes cluster.
 9 | 
10 | There is no access control for the Kibana web interface. If you want to run this in public you need to secure your setup. The provided manifests here are for demonstration purposes only.
11 | 
12 | 
13 | # Local Setup
14 | 
15 | ## Start a local Kubernetes using minikube
16 | 
17 | > If some webpages don't show up immediately wait a bit and reload. Also the Kubernetes Dashboard needs reloading to update its view.
18 | 
19 | ```bash
20 | minikube start --memory 4096
21 | 
22 | minikube dashboard
23 | # maybe wait a bit and retry
24 | kubectl get --all-namespaces services,pods
25 | ```
26 | 
27 | ## Logging with Elasticsearch and fluentd
28 | 
29 | ```bash
30 | kubectl apply \
31 |   --filename https://raw.githubusercontent.com/giantswarm/kubernetes-elastic-stack/master/manifests-all.yaml
32 | 
33 | minikube service kibana
34 | ```
35 | 
36 | For the index pattern in Kibana choose `fluentd-*`, then switch to the "Discover" view.
37 | Every log line by containers running within the Kubernetes cluster is enhanced by meta data like `namespace_name`, `labels` and so on. This way it is easy to group and filter down on specific parts.
38 | 
39 | 
40 | ## Turn down all logging components
41 | 
42 | ```bash
43 | kubectl delete \
44 |   --filename https://raw.githubusercontent.com/giantswarm/kubernetes-elastic-stack/master/manifests-all.yaml
45 | ```
46 | 
47 | FIXME alternatively
48 | --selector stack=logging
49 | 
50 | To delete the whole local Kubernetes cluster use this:
51 | 
52 | ```bash
53 | minikube delete
54 | ```
55 | 


--------------------------------------------------------------------------------
/docs/index.md:
--------------------------------------------------------------------------------
 1 | +++
 2 | title = "Logging with the Elastic Stack"
 3 | description = "The Elastic stack, also known as the ELK stack, has become a wide-spread tool for aggregating logs. This recipe helps you to set it up in Kubernetes."
 4 | date = "2017-10-30"
 5 | type = "page"
 6 | weight = 50
 7 | tags = ["recipe"]
 8 | +++
 9 | 
10 | # Logging with the Elastic Stack
11 | 
12 | The Elastic stack, most prominently know as the ELK stack, in this recipe is the combination of Fluentd, Elasticsearch, and Kibana. This stack helps you get all logs from your containers into a single searchable data store without having to worry about logs disappearing together with the containers. With Kibana you get a nice analytics and visualization platform on top.
13 | 
14 | ![Kibana](kibana.png)
15 | 
16 | ## Deploying Elasticsearch, Filebeat, and Kibana
17 | 
18 | First we create a namespace and deploy our manifests to it.
19 | 
20 | ```bash
21 | kubectl apply \
22 |   --filename https://raw.githubusercontent.com/giantswarm/kubernetes-elastic-stack/master/manifests-all.yaml
23 | ```
24 | 
25 | ## Configuring Kibana
26 | 
27 | Now we need to open up Kibana. As we have no authentication set up in this recipe (you can check out [Shield](https://www.elastic.co/products/x-pack/security) for that), we access Kibana through
28 | 
29 | ```nohighlight
30 | $ POD=$(kubectl get pods --selector component=kibana \
31 |     -o template --template '{{range .items}}{{.metadata.name}} {{.status.phase}}{{"\n"}}{{end}}' \
32 |     | grep Running | head -1 | cut -f1 -d' ')
33 | $ kubectl port-forward --namespace logging $POD 5601:5601
34 | ```
35 | 
36 | Now you can open up your browser at `http://localhost:5601/app/kibana/` and access the Kibana frontend.
37 | 
38 | Now set `fluentd-*` for `index pattern`.
39 | 
40 | All set! You can now use Kibana to access your logs including filtering logs based on pod names and namespaces.
41 | 


--------------------------------------------------------------------------------
/docs/kibana.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/giantswarm/kubernetes-elastic-stack/3b7ff795ebedf11b58116f50207b504e5b1911e0/docs/kibana.png


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/.helmignore:
--------------------------------------------------------------------------------
 1 | # Patterns to ignore when building packages.
 2 | # This supports shell glob matching, relative path matching, and
 3 | # negation (prefixed with !). Only one pattern per line.
 4 | .DS_Store
 5 | # Common VCS dirs
 6 | .git/
 7 | .gitignore
 8 | .bzr/
 9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *~
18 | # Various IDEs
19 | .project
20 | .idea/
21 | *.tmproj
22 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/Chart.yaml:
--------------------------------------------------------------------------------
 1 | name: efk
 2 | version: 1.0.0
 3 | appVersion: 6.1.1
 4 | description: Elasticsearch, Fluentbit and Kibana stack ready to be your logging system.
 5 | icon: https://static-www.elastic.co/assets/blteb1c97719574938d/logo-elastic-elasticsearch-lt.svg
 6 | sources:
 7 | - https://www.elastic.co/products/elasticsearch
 8 | - https://github.com/jetstack/elasticsearch-pet
 9 | - https://github.com/GoogleCloudPlatform/elasticsearch-docker
10 | - https://github.com/clockworksoul/helm-elasticsearch
11 | - https://github.com/pires/kubernetes-elasticsearch-cluster
12 | maintainers:
13 |   - name: giantswarm
14 |     email: info@giantswarm.io
15 | engine: gotpl
16 | tillerVersion: ">=2.8.0"


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/curator/cronjob.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: batch/v2alpha1
 2 | kind: CronJob
 3 | metadata:
 4 |   namespace: "{{ .Values.namespace }}"
 5 |   name: curator
 6 | spec:
 7 |   schedule: "{{ .Values.curator.cron }}"
 8 |   successfulJobsHistoryLimit: 2
 9 |   failedJobsHistoryLimit: 2
10 |   jobTemplate:
11 |     spec:
12 |       template:
13 |         metadata:
14 |           name: curator
15 |           labels:
16 |             app: curator
17 |         spec:
18 |           containers:
19 |           - name: curator
20 |             image: quay.io/giantswarm/curator:latest
21 |             imagePullPolicy: Always
22 |             env:
23 |               - name: ELASTICSEARCH_HOST
24 |                 value: elasticsearch:9200
25 |               - name: RETENTION_DAYS
26 |                 value: "{{ .Values.curator.retention }}"
27 |               - name: INDEX_NAME_PREFIX
28 |                 value: "{{ .Values.logsPrefix }}-"
29 |               - name: INDEX_NAME_TIMEFORMAT
30 |                 value: "%Y.%m.%d"
31 |             resources:
32 |               limits:
33 |                 cpu: 50m
34 |                 memory: 50Mi
35 |               requests:
36 |                 cpu: 50m
37 |                 memory: 50Mi
38 |           restartPolicy: OnFailure
39 |           # retry for a maximum of 10 minutes
40 |           activeDeadlineSeconds: 600
41 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/elasticsearch/configmap.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   name: elasticsearch
 5 |   namespace: "{{ .Values.namespace }}"
 6 |   labels:
 7 |     app: elasticsearch
 8 | data:
 9 |   elasticsearch.yml: |
10 |     cluster.name: {{ .Values.clusterName }}
11 |     node.name: "es_node"
12 |     path.data: /usr/share/elasticsearch/data
13 |     http:
14 |       host: 0.0.0.0
15 |       port: 9200
16 |     bootstrap.memory_lock: true
17 |     transport.host: 127.0.0.1
18 |     discovery:
19 |       zen:
20 |         minimum_master_nodes: 1
21 |     logger.org.elasticsearch.transport: debug
22 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/elasticsearch/deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: elasticsearch
 5 |   namespace: "{{ .Values.namespace }}"
 6 |   labels:
 7 |     app: elasticsearch
 8 | spec:
 9 |   replicas: 1
10 |   revisionHistoryLimit: 3
11 |   strategy:
12 |     type: Recreate
13 |   template:
14 |     metadata:
15 |       annotations:
16 |         releasetime: {{ $.Release.Time }}
17 |       labels:
18 |         app: elasticsearch
19 |     spec:
20 |       affinity:
21 |         nodeAffinity:
22 |           requiredDuringSchedulingIgnoredDuringExecution:
23 |             nodeSelectorTerms:
24 |             - matchExpressions:
25 |               - key: role
26 |                 operator: NotIn
27 |                 values:
28 |                 - master
29 | {{- if .Values.elasticsearch.nodeSelector }}
30 |       nodeSelector:
31 | {{ toYaml .Values.data.nodeSelector | indent 8 }}
32 | {{- end }}
33 | {{- if .Values.elasticsearch.tolerations }}
34 |       tolerations:
35 | {{ toYaml .Values.elasticsearch.tolerations | indent 8 }}
36 | {{- end }}
37 |       initContainers:
38 |       - name: set-vm-max-map-count
39 |         image: quay.io/giantswarm/busybox:1.28.3
40 |         imagePullPolicy: IfNotPresent
41 |         command: ['sysctl', '-w', 'vm.max_map_count=262144']
42 |         securityContext:
43 |           privileged: true
44 |       {{- if .Values.elasticsearch.persistence.enabled }}
45 |       - name: volume-mount-hack
46 |         image: quay.io/giantswarm/busybox:1.28.3
47 |         imagePullPolicy: IfNotPresent
48 |         command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
49 |         volumeMounts:
50 |         - name: elasticsearch-data
51 |           mountPath: /usr/share/elasticsearch/data
52 |       {{- end }}
53 |       serviceAccountName: elasticsearch
54 |       containers:
55 |       - name: elasticsearch
56 |         image: "{{ .Values.elasticsearch.image.repository }}:{{ .Values.elasticsearch.image.tag }}"
57 |         imagePullPolicy: {{ .Values.elasticsearch.image.pullPolicy | quote }}
58 |         env:
59 |         - name: ES_JAVA_OPTS
60 |           value: "-Djava.net.preferIPv4Stack=true -Xms4g -Xmx4g"
61 |         ports:
62 |         - containerPort: 9200
63 |         livenessProbe:
64 |           httpGet:
65 |             path: /_cluster/health?local=true
66 |             port: 9200
67 |           initialDelaySeconds: 60
68 |         readinessProbe:
69 |           httpGet:
70 |             path: /_cluster/health?local=true
71 |             port: 9200
72 |           initialDelaySeconds: 30
73 |         resources:
74 | {{ toYaml .Values.elasticsearch.resources | indent 12 }}
75 |         volumeMounts:
76 |         - name: config
77 |           mountPath: /usr/share/elasticsearch/elasticsearch.yml
78 |           subPath: elasticsearch.yml
79 |         - name: elasticsearch-data
80 |           mountPath: /usr/share/elasticsearch/data
81 |       restartPolicy: Always
82 |       volumes:
83 |       - name: config
84 |         configMap:
85 |           name: elasticsearch
86 |       - name: elasticsearch-data
87 |       {{- if .Values.elasticsearch.persistence.enabled }}
88 |         persistentVolumeClaim:
89 |           claimName: {{ .Values.elasticsearch.persistence.pvcName | quote }}
90 |       {{- else }}
91 |         emptyDir: {}
92 |       {{- end }}
93 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/elasticsearch/persistent-volume-claim.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.elasticsearch.persistence.enabled }}
 2 | kind: PersistentVolumeClaim
 3 | apiVersion: v1
 4 | metadata:
 5 |   labels:
 6 |     app: elasticsearch
 7 |   name: {{ .Values.elasticsearch.persistence.pvcName }}
 8 |   namespace: "{{ .Values.namespace }}"
 9 |   annotations:
10 |     "helm.sh/resource-policy": keep
11 | spec:
12 |   accessModes:
13 |     - ReadWriteOnce
14 |   resources:
15 |     requests:
16 |       storage: {{ .Values.elasticsearch.persistence.size }}
17 | {{- end }}
18 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/elasticsearch/psp.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: PodSecurityPolicy
 3 | metadata:
 4 |   name: elasticsearch-psp
 5 | spec:
 6 |   privileged: true
 7 |   fsGroup:
 8 |     rule: RunAsAny
 9 |   runAsUser:
10 |     rule: RunAsAny
11 |   seLinux:
12 |     rule: RunAsAny
13 |   supplementalGroups:
14 |     rule: RunAsAny
15 |   volumes:
16 |     - 'secret'
17 |     - 'configMap'
18 |     - 'hostPath'
19 |     - 'persistentVolumeClaim'
20 |     - 'emptyDir'
21 |   hostNetwork: false
22 |   hostIPC: false
23 |   hostPID: false
24 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/elasticsearch/rbac.yaml:
--------------------------------------------------------------------------------
 1 | kind: ClusterRole
 2 | apiVersion: rbac.authorization.k8s.io/v1beta1
 3 | metadata:
 4 |   name: elasticsearch
 5 | rules:
 6 | - apiGroups:
 7 |   - ""
 8 |   resources:
 9 |   - "services"
10 |   - "namespaces"
11 |   - "endpoints"
12 |   verbs:
13 |   - "get"
14 | ---
15 | apiVersion: rbac.authorization.k8s.io/v1beta1
16 | kind: ClusterRoleBinding
17 | metadata:
18 |   name: elasticsearch
19 | subjects:
20 |   - kind: ServiceAccount
21 |     name: elasticsearch 
22 |     namespace: "{{ .Values.namespace }}"
23 | roleRef:
24 |   kind: ClusterRole
25 |   name: elasticsearch 
26 |   apiGroup: rbac.authorization.k8s.io
27 | ---
28 | apiVersion: rbac.authorization.k8s.io/v1beta1
29 | kind: ClusterRole
30 | metadata:
31 |   name: elasticsearch-psp
32 | rules:
33 |   - apiGroups:
34 |       - extensions
35 |     resources:
36 |       - podsecuritypolicies
37 |     verbs:
38 |       - use
39 |     resourceNames:
40 |       - elasticsearch-psp
41 | ---
42 | apiVersion: rbac.authorization.k8s.io/v1beta1
43 | kind: ClusterRoleBinding
44 | metadata:
45 |   name: elasticsearch-psp
46 | subjects:
47 |   - kind: ServiceAccount
48 |     name: elasticsearch
49 |     namespace: "{{ .Values.namespace }}"
50 | roleRef:
51 |   kind: ClusterRole
52 |   name: elasticsearch-psp
53 |   apiGroup: rbac.authorization.k8s.io
54 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/elasticsearch/service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: elasticsearch
 5 |   namespace: "{{ .Values.namespace }}"
 6 |   labels:
 7 |     app: elasticsearch
 8 | spec:
 9 |   ports:
10 |     - name: nginx
11 |       port: 8000
12 |       targetPort: 8000
13 |     - name: elasticsearch
14 |       port: 9200
15 |       targetPort: 9200
16 |   selector:
17 |     app: elasticsearch
18 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/elasticsearch/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 |   name: elasticsearch 
5 |   namespace: "{{ .Values.namespace }}"
6 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/fluentbit/configmap.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   name: fluentbit-config
 5 |   namespace: "{{ .Values.namespace }}"
 6 |   labels:
 7 |     app: fluentbit
 8 | data:
 9 |   # Configuration files: server, input, filters and output
10 |   # ======================================================
11 |   fluentbit.conf: |
12 |     [SERVICE]
13 |         Flush         5
14 |         Log_Level     info
15 |         Daemon        off
16 |         Parsers_File  parsers.conf
17 |         HTTP_Server   On
18 |         HTTP_Listen   0.0.0.0
19 |         HTTP_Port     2020
20 | 
21 |     [INPUT]
22 |         Name              tail
23 |         Tag               kube.*
24 |         Path              /var/log/containers/*.log
25 |         Parser            docker
26 |         DB                /var/log/flb_kube.db
27 |         Buffer_Max_Size   128k
28 |         Mem_Buf_Limit     10MB
29 |         Skip_Long_Lines   On
30 |         Refresh_Interval  10
31 | 
32 |     [FILTER]
33 |         # Remove garbage log entries from fluent-bit (https://github.com/fluent/fluent-bit/issues/429)
34 |         Name   grep
35 |         Match  *
36 |         Exclude  log \"took\"\"errors\"\"took\"\"errors\"
37 | 
38 |     [FILTER]
39 |         Name                kubernetes
40 |         Match               kube.*
41 |         Kube_URL            https://kubernetes.default.svc:443
42 |         Merge_Log           Off
43 |         K8S-Logging.Parser  On
44 | 
45 |     [OUTPUT]
46 |         Name            es
47 |         Match           *
48 |         Host            ${FLUENT_ELASTICSEARCH_HOST}
49 |         Port            ${FLUENT_ELASTICSEARCH_PORT}
50 |         Logstash_Format On
51 |         Logstash_Prefix ${FLUENT_ELASTICSEARCH_PREFIX}
52 |         Retry_Limit     False
53 | 
54 |   parsers.conf: |
55 |     [PARSER]
56 |         Name   json-test
57 |         Format json
58 |         Time_Key time
59 |         Time_Format %d/%b/%Y:%H:%M:%S %z
60 | 
61 |     [PARSER]
62 |         Name        docker
63 |         Format      json
64 |         Time_Key    time
65 |         Time_Format %Y-%m-%dT%H:%M:%S.%L
66 |         Time_Keep   On
67 |         # Command      |  Decoder | Field | Optional Action
68 |         # =============|==================|=================
69 |         Decode_Field_As   escaped    log
70 | 
71 |     [PARSER]
72 |         Name        syslog
73 |         Format      regex
74 |         Regex       ^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$
75 |         Time_Key    time
76 |         Time_Format %b %d %H:%M:%S
77 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/fluentbit/daemonset.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: DaemonSet
 3 | metadata:
 4 |   name: fluentbit
 5 |   namespace: "{{ .Values.namespace }}"
 6 |   labels:
 7 |     app: fluentbit
 8 | spec:
 9 |   template:
10 |     metadata:
11 |       annotations:
12 |         releasetime: {{ $.Release.Time }}
13 |       labels:
14 |         app: fluentbit
15 |     spec:
16 |       tolerations:
17 |       # Tolerate master taint
18 |       - key: node-role.kubernetes.io/master
19 |         operator: Exists
20 |         effect: NoSchedule
21 |       containers:
22 |       - name: fluentbit
23 |         image: "{{ .Values.fluentbit.image.repository }}:{{ .Values.fluentbit.image.tag }}"
24 |         imagePullPolicy: {{ .Values.elasticsearch.image.pullPolicy | quote }}
25 |         command: ["/fluent-bit/bin/fluent-bit"]
26 |         args: ["--config=/fluentbit/etc/fluentbit.conf"]
27 |         env:
28 |         - name: FLUENT_ELASTICSEARCH_HOST
29 |           value: "elasticsearch.{{ .Values.namespace }}.svc"
30 |         - name: FLUENT_ELASTICSEARCH_PORT
31 |           value: "9200"
32 |         - name: FLUENT_ELASTICSEARCH_PREFIX
33 |           value: "{{ .Values.logsPrefix }}"
34 |         resources:
35 |           limits:
36 |             cpu: 40m
37 |             memory: 80Mi
38 |           requests:
39 |             cpu: 40m
40 |             memory: 80Mi
41 |         livenessProbe:
42 |           tcpSocket:
43 |             port: 2020
44 |           initialDelaySeconds: 10
45 |         readinessProbe:
46 |           tcpSocket:
47 |             port: 2020
48 |           initialDelaySeconds: 10
49 |         volumeMounts:
50 |         - name: varlog
51 |           mountPath: /var/log
52 |         - name: varlibdockercontainers
53 |           mountPath: /var/lib/docker/containers
54 |           readOnly: true
55 |         - name: fluentbit-config-vol
56 |           mountPath: /fluentbit/etc/
57 |         - name: mnt
58 |           mountPath: /mnt
59 |           readOnly: true
60 |       terminationGracePeriodSeconds: 10
61 |       volumes:
62 |       - name: varlog
63 |         hostPath:
64 |           path: /var/log
65 |       - name: varlibdockercontainers
66 |         hostPath:
67 |           path: /var/lib/docker/containers
68 |       - name: fluentbit-config-vol
69 |         configMap:
70 |           name: fluentbit-config
71 |       - name: mnt
72 |         hostPath:
73 |           path: /mnt
74 |       serviceAccountName: fluentbit
75 |   updateStrategy:
76 |     rollingUpdate:
77 |       maxUnavailable: 1
78 |     type: RollingUpdate
79 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/fluentbit/psp.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: PodSecurityPolicy
 3 | metadata:
 4 |   name: fluentbit-psp
 5 | spec:
 6 |   privileged: false
 7 |   fsGroup:
 8 |     rule: RunAsAny
 9 |   runAsUser:
10 |     rule: RunAsAny
11 |   seLinux:
12 |     rule: RunAsAny
13 |   supplementalGroups:
14 |     rule: RunAsAny
15 |   volumes:
16 |     - 'secret'
17 |     - 'configMap'
18 |     - 'hostPath'
19 |   hostNetwork: false
20 |   hostIPC: false
21 |   hostPID: false


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/fluentbit/rbac.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: rbac.authorization.k8s.io/v1beta1
 2 | kind: ClusterRole
 3 | metadata:
 4 |   name: fluentbit-read
 5 | rules:
 6 | - apiGroups: [""]
 7 |   resources:
 8 |   - namespaces
 9 |   - pods
10 |   verbs: ["get", "list", "watch"]
11 | ---
12 | apiVersion: rbac.authorization.k8s.io/v1beta1
13 | kind: ClusterRoleBinding
14 | metadata:
15 |   name: fluentbit-read
16 | roleRef:
17 |   apiGroup: rbac.authorization.k8s.io
18 |   kind: ClusterRole
19 |   name: fluentbit-read
20 | subjects:
21 | - kind: ServiceAccount
22 |   name: fluentbit
23 |   namespace: "{{ .Values.namespace }}"
24 | ---
25 | apiVersion: rbac.authorization.k8s.io/v1beta1
26 | kind: ClusterRole
27 | metadata:
28 |   name: fluentbit-psp
29 | rules:
30 |   - apiGroups:
31 |       - extensions
32 |     resources:
33 |       - podsecuritypolicies
34 |     verbs:
35 |       - use
36 |     resourceNames:
37 |       - fluentbit-psp
38 | ---
39 | apiVersion: rbac.authorization.k8s.io/v1beta1
40 | kind: ClusterRoleBinding
41 | metadata:
42 |   name: fluentbit-psp
43 | subjects:
44 |   - kind: ServiceAccount
45 |     name: fluentbit
46 |     namespace: "{{ .Values.namespace }}"
47 | roleRef:
48 |   kind: ClusterRole
49 |   name: fluentbit-psp
50 |   apiGroup: rbac.authorization.k8s.io 
51 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/fluentbit/service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: fluentbit
 5 |   namespace: "{{ .Values.namespace }}"
 6 |   labels:
 7 |     app: fluentbit
 8 |   annotations:
 9 |     prometheus.io/scrape: "true"
10 |     prometheus.io/path: "/api/v1/metrics/prometheus"
11 | spec:
12 |   ports:
13 |     - name: fluentbit
14 |       port: 2020
15 |       targetPort: 2020
16 |   selector:
17 |     app: fluentbit
18 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/fluentbit/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 |   name: fluentbit
5 |   namespace: "{{ .Values.namespace }}"
6 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/kibana/certs-secret.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.kibana.ingress.enabled }}
 2 | apiVersion: v1
 3 | kind: Secret
 4 | type: Opaque
 5 | metadata:
 6 |   name: kibana-certs-secret
 7 |   namespace: "{{ .Values.namespace }}"
 8 | data:
 9 |   tls.crt: {{ .Values.kibana.tls.crt | b64enc | quote }}
10 |   tls.key: {{ .Values.kibana.tls.key | b64enc | quote }}
11 | {{- end }}
12 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/kibana/configmap.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   name: kibana
 5 |   namespace: "{{ .Values.namespace }}"
 6 |   labels:
 7 |     app: kibana
 8 | data:
 9 |   kibana.yml: |
10 |     server:
11 |       name: {{ .Values.clusterName }}
12 |       port: 127.0.0.1:5601
13 |     elasticsearch:
14 |       url: "http://elasticsearch.{{ .Values.namespace }}.svc:9200"
15 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/kibana/deployment.yaml:
--------------------------------------------------------------------------------
  1 | apiVersion: extensions/v1beta1
  2 | kind: Deployment
  3 | metadata:
  4 |   name: kibana
  5 |   namespace: "{{ .Values.namespace }}"
  6 |   labels:
  7 |     app: kibana
  8 | spec:
  9 |   replicas: 1
 10 |   revisionHistoryLimit: 3
 11 |   strategy:
 12 |     type: Recreate
 13 |   template:
 14 |     metadata:
 15 |       annotations:
 16 |         releasetime: {{ $.Release.Time }}
 17 |       labels:
 18 |         app: kibana
 19 |     spec:
 20 |       affinity:
 21 |         nodeAffinity:
 22 |           requiredDuringSchedulingIgnoredDuringExecution:
 23 |             nodeSelectorTerms:
 24 |             - matchExpressions:
 25 |               - key: role
 26 |                 operator: NotIn
 27 |                 values:
 28 |                 - master
 29 |       containers:
 30 |       {{- if .Values.kibana.ingress.enabled }}
 31 |       - name: nginx
 32 |         image: quay.io/giantswarm/nginx:1.12.2
 33 |         volumeMounts:
 34 |         - name: nginx-config
 35 |           mountPath: /etc/nginx/
 36 |         - name: nginx-htpasswd
 37 |           mountPath: /htpasswd/
 38 |         resources:
 39 |           requests:
 40 |             cpu: 50m
 41 |             memory: 75Mi
 42 |           limits:
 43 |             cpu: 50m
 44 |             memory: 75Mi
 45 |       {{- end }}
 46 |       - name: kibana
 47 |         image: "{{ .Values.kibana.image.repository}}:{{ .Values.kibana.image.tag}}"
 48 |         imagePullPolicy: {{ .Values.elasticsearch.image.pullPolicy | quote }}
 49 |         ports:
 50 |         - containerPort: 5601
 51 |         livenessProbe:
 52 |           httpGet:
 53 |             path: /api/status
 54 |             port: 5601
 55 |           initialDelaySeconds: 120
 56 |           timeoutSeconds: 10
 57 |         readinessProbe:
 58 |           httpGet:
 59 |             path: /api/status
 60 |             port: 5601
 61 |           initialDelaySeconds: 5
 62 |           timeoutSeconds: 10
 63 |         resources:
 64 |           requests:
 65 |             cpu: 100m
 66 |             memory: 200Mi
 67 |           limits:
 68 |             cpu: 100m
 69 |             memory: 200Mi
 70 |         volumeMounts:
 71 |         - name: config
 72 |           mountPath: /usr/share/kibana/kibana.yml
 73 |           subPath: kibana.yml
 74 |       - name: sidecar
 75 |         # see https://github.com/giantswarm/kibana-sidecar/pull/3 for info on the image version.
 76 |         # TODO: change to :latest when kibana-sidecar#3 is merged
 77 |         image: quay.io/giantswarm/kibana-sidecar:c9394dc31b769c74841e98201973dbb954506cf1
 78 |         imagePullPolicy: Always
 79 |         env:
 80 |           - name: ELASTICSEARCH_ENDPOINT
 81 |             value: http://elasticsearch.{{ .Values.namespace }}.svc:9200
 82 |           # semantic version number of Kibana
 83 |           - name: KIBANA_VERSION
 84 |             value: "{{ .Values.elasticsearch.image.tag }}"
 85 |         resources:
 86 |           requests:
 87 |             cpu: 50m
 88 |             memory: 50Mi
 89 |           limits:
 90 |             cpu: 50m
 91 |             memory: 50Mi
 92 |       restartPolicy: Always
 93 |       volumes:
 94 |       {{- if .Values.kibana.ingress.enabled }}
 95 |       - name: nginx-config
 96 |         configMap:
 97 |           name: kibana-nginx-configmap
 98 |       - name: nginx-htpasswd
 99 |         secret:
100 |           secretName: kibana-nginx-secret
101 |       {{- end }}
102 |       - name: config
103 |         configMap:
104 |           name: kibana
105 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/kibana/ingress.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.kibana.ingress.enabled }}
 2 | apiVersion: extensions/v1beta1
 3 | kind: Ingress
 4 | metadata:
 5 |   name: kibana
 6 |   namespace: "{{ .Values.namespace }}"
 7 |   labels:
 8 |     app: kibana
 9 |   annotations:
10 |     {{- if .Values.kibana.letsencrypt.enabled }}
11 |     kubernetes.io/tls-acme: "true"
12 |     {{- end }}
13 |     {{- if .Values.kibana.whitelist.enabled }}
14 |     nginx.ingress.kubernetes.io/whitelist-source-range: "{{ .Values.kibana.whitelist.ranges }}"
15 |     {{- end }}
16 | spec:
17 |   tls:
18 |   - hosts:
19 |     - {{ .Values.kibana.host }}
20 |     {{- if .Values.kibana.letsencrypt.enabled }}
21 |     secretName: monitoring-kibana
22 |     {{- else }}
23 |     secretName: kibana-certs-secret
24 |     {{- end }}
25 |   rules:
26 |   -
27 |     host: {{ .Values.kibana.host }} 
28 |     http:
29 |       paths:
30 |       - path: /
31 |         backend:
32 |           serviceName: kibana
33 |           servicePort: 8000
34 | {{- end }}
35 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/kibana/nginx-configmap.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.kibana.ingress.enabled }}
 2 | kind: ConfigMap
 3 | apiVersion: v1
 4 | metadata:
 5 |   name: kibana-nginx-configmap
 6 |   namespace: "{{ .Values.namespace }}"
 7 |   labels:
 8 |     app: kibana 
 9 | data:
10 |   nginx.conf: |
11 |     error_log stderr warn;
12 |     worker_processes 1;
13 |     events {
14 |       worker_connections 100;
15 |     }
16 |     http {
17 |       keepalive_timeout 5s;
18 |       gzip on;
19 |       gzip_proxied any;
20 |       gzip_types text/plain text/xml text/css
21 |                  text/comma-separated-values
22 |                  text/javascript application/javascript
23 |                  application/atom+xml application/json
24 |                  image/svg+xml;
25 |       log_format  custom  '"$request" '
26 |           '$status $body_bytes_sent $request_time '
27 |           '"$http_x_forwarded_for" '
28 |           '"$http_user_agent" "$http_referer"';
29 |       server {
30 |         listen 8000;
31 |         access_log /dev/stdout custom;
32 |         client_max_body_size 0;
33 |         chunked_transfer_encoding on;
34 |         auth_basic "Restricted";
35 |         auth_basic_user_file /htpasswd/auth;
36 |         server_name           {{ .Values.kibana.host }};
37 |           location / {
38 |             proxy_pass          http://127.0.0.1:5601;
39 |             proxy_set_header    Host $host;
40 |           }
41 |       }
42 |     }
43 | {{- end }}
44 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/kibana/nginx-secret.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.kibana.ingress.enabled }}
 2 | apiVersion: v1
 3 | kind: Secret
 4 | type: Opaque
 5 | metadata:
 6 |   name: kibana-nginx-secret
 7 |   namespace: "{{ .Values.namespace }}"
 8 | data:
 9 |   auth: {{ .Values.auth | b64enc | quote }}
10 | {{- end }}
11 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/templates/kibana/service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: kibana
 5 |   namespace: "{{ .Values.namespace }}"
 6 |   labels:
 7 |     app: kibana
 8 | spec:
 9 |   ports:
10 |   {{- if .Values.kibana.ingress.enabled }}
11 |   - name: nginx
12 |     port: 8000
13 |     targetPort: 8000
14 |   {{- end }}
15 |   - name: kibana
16 |     port: 5601
17 |     targetPort: 5601
18 |   selector:
19 |     app: kibana
20 | 


--------------------------------------------------------------------------------
/helm/g8s-efk-chart/values.yaml:
--------------------------------------------------------------------------------
 1 | # Default values for elasticsearch.
 2 | # This is a YAML-formatted file.
 3 | # Declare variables to be passed into your templates.
 4 | appVersion: "6.1.1"
 5 | 
 6 | namespace: "logging"
 7 | clusterName: "cluster-efk"
 8 | logsPrefix: "gslogs"
 9 | 
10 | ## Specify if a Pod Security Policy for node-exporter must be created
11 | ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
12 | ##
13 | podSecurityPolicy:
14 |   enabled: false
15 | 
16 | elasticsearch:
17 |   image:
18 |     repository: "docker.elastic.co/elasticsearch/elasticsearch-oss"
19 |     tag: "6.1.1"
20 |     pullPolicy: "IfNotPresent"
21 | 
22 |   persistence:
23 |     enabled: true
24 |     pvcName: "elasticsearch-data"
25 |     size: "10Gi"
26 | 
27 |   resources:
28 |     limits:
29 |       cpu: "750m"
30 |       memory: "6Gi"
31 |     requests:
32 |       cpu: "750m"
33 |       memory: "4Gi"
34 | 
35 |   nodeAffinity: {}
36 |   nodeSelector: {}
37 |   tolerations: []
38 | 
39 | curator:
40 |   retention: "14" #Days
41 |   # Once every night. We randomly chose 03:33 to avoid 00:00.
42 |   cron: "25 11 * * *"
43 | 
44 | fluentbit:
45 |   image:
46 |     repository: "fluent/fluent-bit"
47 |     tag: "0.14.6"
48 |     pullPolicy: "IfNotPresent"
49 | 
50 | kibana:
51 |   image:
52 |     repository: "docker.elastic.co/kibana/kibana-oss"
53 |     tag: "6.1.4"
54 |     pullPolicy: "IfNotPresent"
55 | 
56 |   tls:
57 |     crt: 
58 |     key: 
59 |   
60 |   ingress:
61 |     enabled: false
62 |     host: ""
63 |     whitelist:
64 |       enabled: false
65 |       ranges: ""
66 |     letsencrypt:
67 |       enabled: false
68 | 


--------------------------------------------------------------------------------
/helm/kubernetes-elastic-stack-elastic-logging/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | appVersion: 7.4.0
3 | description: Logging stack with Elasticsearch, fluentd and Kibana
4 | name: kubernetes-elastic-stack-elastic-logging
5 | version: [[ .Version ]]
6 | 


--------------------------------------------------------------------------------
/helm/kubernetes-elastic-stack-elastic-logging/charts/elasticsearch-0.2.1.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/giantswarm/kubernetes-elastic-stack/3b7ff795ebedf11b58116f50207b504e5b1911e0/helm/kubernetes-elastic-stack-elastic-logging/charts/elasticsearch-0.2.1.tgz


--------------------------------------------------------------------------------
/helm/kubernetes-elastic-stack-elastic-logging/charts/elasticsearch-curator-2.0.3.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/giantswarm/kubernetes-elastic-stack/3b7ff795ebedf11b58116f50207b504e5b1911e0/helm/kubernetes-elastic-stack-elastic-logging/charts/elasticsearch-curator-2.0.3.tgz


--------------------------------------------------------------------------------
/helm/kubernetes-elastic-stack-elastic-logging/charts/elasticsearch-exporter-0.1.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/giantswarm/kubernetes-elastic-stack/3b7ff795ebedf11b58116f50207b504e5b1911e0/helm/kubernetes-elastic-stack-elastic-logging/charts/elasticsearch-exporter-0.1.0.tgz


--------------------------------------------------------------------------------
/helm/kubernetes-elastic-stack-elastic-logging/charts/fluentd-elasticsearch-0.2.2.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/giantswarm/kubernetes-elastic-stack/3b7ff795ebedf11b58116f50207b504e5b1911e0/helm/kubernetes-elastic-stack-elastic-logging/charts/fluentd-elasticsearch-0.2.2.tgz


--------------------------------------------------------------------------------
/helm/kubernetes-elastic-stack-elastic-logging/charts/keycloak-gatekeeper-1.1.1-3.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/giantswarm/kubernetes-elastic-stack/3b7ff795ebedf11b58116f50207b504e5b1911e0/helm/kubernetes-elastic-stack-elastic-logging/charts/keycloak-gatekeeper-1.1.1-3.tgz


--------------------------------------------------------------------------------
/helm/kubernetes-elastic-stack-elastic-logging/charts/kibana-0.2.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/giantswarm/kubernetes-elastic-stack/3b7ff795ebedf11b58116f50207b504e5b1911e0/helm/kubernetes-elastic-stack-elastic-logging/charts/kibana-0.2.0.tgz


--------------------------------------------------------------------------------
/helm/kubernetes-elastic-stack-elastic-logging/requirements.lock:
--------------------------------------------------------------------------------
 1 | dependencies:
 2 | - name: elasticsearch
 3 |   repository: https://giantswarm.github.com/sample-catalog
 4 |   version: 0.2.1
 5 | - name: fluentd-elasticsearch
 6 |   repository: https://giantswarm.github.com/sample-catalog
 7 |   version: 0.2.2
 8 | - name: kibana
 9 |   repository: https://giantswarm.github.com/sample-catalog
10 |   version: 0.2.0
11 | - name: keycloak-gatekeeper
12 |   repository: https://giantswarm.github.com/sample-catalog
13 |   version: 1.1.1-3
14 | - name: elasticsearch-exporter
15 |   repository: https://giantswarm.github.com/sample-catalog
16 |   version: 0.1.0
17 | - name: elasticsearch-curator
18 |   repository: https://giantswarm.github.com/sample-catalog
19 |   version: 2.0.3
20 | digest: sha256:3a31cae9f2a08373b5f0b794393503186cbbeddc709453052cfb7778df23409d
21 | generated: "2019-10-14T12:28:45.605097747+02:00"
22 | 


--------------------------------------------------------------------------------
/helm/kubernetes-elastic-stack-elastic-logging/requirements.yaml:
--------------------------------------------------------------------------------
 1 | dependencies:
 2 | - name: elasticsearch
 3 |   version: "0.2.1"
 4 |   repository: https://giantswarm.github.com/sample-catalog
 5 |   condition: elasticsearch.enabled
 6 |   
 7 | - name: fluentd-elasticsearch
 8 |   version: "0.2.2"
 9 |   repository: https://giantswarm.github.com/sample-catalog
10 |   condition: fluentd-elasticsearch.enabled
11 | 
12 | - name: kibana
13 |   version: "0.2.0"
14 |   repository: https://giantswarm.github.com/sample-catalog
15 |   condition: kibana.enabled
16 | 
17 | - name: keycloak-gatekeeper
18 |   version: "1.1.1-3"
19 |   repository: https://giantswarm.github.com/sample-catalog
20 |   condition: keycloak-gatekeeper.enabled
21 | 
22 | - name: elasticsearch-exporter
23 |   version: "0.1.0"
24 |   repository: https://giantswarm.github.com/sample-catalog
25 |   condition: elasticsearch-exporter.enabled
26 | 
27 | - name: elasticsearch-curator
28 |   version: "2.0.3"
29 |   repository: https://giantswarm.github.com/sample-catalog
30 |   condition: elasticsearch-curator.enabled
31 | 


--------------------------------------------------------------------------------
/helm/kubernetes-elastic-stack-elastic-logging/values.yaml:
--------------------------------------------------------------------------------
 1 | elasticsearch:
 2 |   enabled: true
 3 |   # for options see https://github.com/giantswarm/helm-elasticsearch
 4 | 
 5 | kibana:
 6 |   enabled: true
 7 |   # for options see https://github.com/giantswarm/helm-kibana
 8 | 
 9 | keycloak-gatekeeper:
10 |   enabled: false
11 |   # for options see https://github.com/giantswarm/helm-keycloak-gatekeeper
12 | 
13 | fluentd-elasticsearch:
14 |   enabled: true
15 |   # for options see https://github.com/kiwigrid/helm-charts/tree/master/charts/fluentd-elasticsearch
16 | 
17 | elasticsearch-exporter:
18 |   enabled: true
19 |   # for options see https://github.com/helm/charts/tree/master/stable/elasticsearch-exporter
20 | 
21 | elasticsearch-curator:
22 |   enabled: true
23 |   # for options see https://github.com/helm/charts/tree/master/stable/elasticsearch-exporter
24 | 


--------------------------------------------------------------------------------
/manifests-all.yaml:
--------------------------------------------------------------------------------
  1 | # Derived from ./manifests
  2 | ---
  3 | ---
  4 | apiVersion: rbac.authorization.k8s.io/v1beta1
  5 | kind: ClusterRole
  6 | metadata:
  7 |   name: elasticsearch
  8 |   labels:
  9 |     app: elasticsearch
 10 |     stack: logging
 11 | rules:
 12 | - apiGroups:
 13 |   - extensions
 14 |   resources:
 15 |   - podsecuritypolicies
 16 |   resourceNames:
 17 |   - elasticsearch
 18 |   verbs:
 19 |   - use
 20 | ---
 21 | kind: ClusterRoleBinding
 22 | apiVersion: rbac.authorization.k8s.io/v1beta1
 23 | metadata:
 24 |   name: elasticsearch
 25 |   labels:
 26 |     app: elasticsearch
 27 |     stack: logging
 28 | subjects:
 29 | - kind: ServiceAccount
 30 |   name: elasticsearch
 31 |   namespace: default
 32 | roleRef:
 33 |   kind: ClusterRole
 34 |   name: elasticsearch
 35 |   apiGroup: rbac.authorization.k8s.io
 36 | ---
 37 | apiVersion: v1
 38 | kind: ServiceAccount
 39 | metadata:
 40 |   name: elasticsearch
 41 |   labels:
 42 |     app: elasticsearch
 43 |     stack: logging
 44 | ---
 45 | apiVersion: extensions/v1beta1
 46 | kind: PodSecurityPolicy
 47 | metadata:
 48 |   name: elasticsearch
 49 |   labels:
 50 |     app: elasticsearch
 51 |     stack: logging
 52 | spec:
 53 |   fsGroup:
 54 |     rule: RunAsAny
 55 |   privileged: true
 56 |   runAsUser:
 57 |     rule: RunAsAny
 58 |   seLinux:
 59 |     rule: RunAsAny
 60 |   allowedCapabilities:
 61 |   - 'IPC_LOCK'
 62 |   - 'SYS_RESOURCE'
 63 |   supplementalGroups:
 64 |     rule: RunAsAny
 65 |   volumes:
 66 |   - '*'
 67 |   hostPID: true
 68 |   hostIPC: true
 69 |   hostNetwork: true
 70 |   hostPorts:
 71 |   - min: 1
 72 |     max: 65536
 73 | ---
 74 | apiVersion: v1
 75 | kind: ConfigMap
 76 | metadata:
 77 |   name: elasticsearch
 78 |   labels:
 79 |     app: elasticsearch
 80 |     stack: logging
 81 | data:
 82 |   elasticsearch.yml: |
 83 |     cluster.name: full-stack-cluster
 84 |     node.name: node-1
 85 |     path.data: /usr/share/elasticsearch/data
 86 |     http:
 87 |       host: 0.0.0.0
 88 |       port: 9200
 89 |     bootstrap.memory_lock: true
 90 |     transport.host: 127.0.0.1
 91 | ---
 92 | apiVersion: extensions/v1beta1
 93 | kind: Deployment
 94 | metadata:
 95 |   name: elasticsearch
 96 |   labels:
 97 |     app: elasticsearch
 98 |     stack: logging
 99 | spec:
100 |   replicas: 1
101 |   strategy:
102 |     type: Recreate
103 |   template:
104 |     metadata:
105 |       labels:
106 |         app: elasticsearch
107 |         stack: logging
108 |     spec:
109 |       serviceAccountName: elasticsearch
110 |       initContainers:
111 |       - name: set-vm-max-map-count
112 |         image: busybox
113 |         imagePullPolicy: IfNotPresent
114 |         command: ['sysctl', '-w', 'vm.max_map_count=262144']
115 |         securityContext:
116 |           privileged: true
117 |       - name: volume-mount-hack
118 |         image: busybox
119 |         imagePullPolicy: IfNotPresent
120 |         command: ["sh", "-c", "chown -R 1000:100 /usr/share/elasticsearch/data"]
121 |         volumeMounts:
122 |         - name: data
123 |           mountPath: /usr/share/elasticsearch/data
124 |       containers:
125 |       - name: elasticsearch
126 |         image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.0.0
127 |         imagePullPolicy: IfNotPresent
128 |         env:
129 |         - name: ES_JAVA_OPTS
130 |           value: -Xms1024m -Xmx1024m
131 |           # ES_MEM_LIMIT=2g
132 |           # ES_JVM_HEAP=1024m
133 |         ports:
134 |         - containerPort: 9200
135 |         resources:
136 |           limits:
137 |             memory: "2147483648"
138 |         volumeMounts:
139 |         - name: config
140 |           mountPath: /usr/share/elasticsearch/elasticsearch.yml
141 |           subPath: elasticsearch.yml
142 |         - name: data
143 |           mountPath: /usr/share/elasticsearch/data
144 |       # Allow non-root user to access PersistentVolume
145 |       securityContext:
146 |         fsGroup: 1000
147 |       restartPolicy: Always
148 |       volumes:
149 |       - name: config
150 |         configMap:
151 |           name: elasticsearch
152 |       - name: data
153 |         persistentVolumeClaim:
154 |           claimName: elasticsearch
155 |       # - name: data
156 |       #   hostPath:
157 |       #     path: /srv/elasticsearch-data
158 | ---
159 | # apiVersion: extensions/v1beta1
160 | # kind: Ingress
161 | # metadata:
162 | #   name: elasticsearch
163 | #   labels:
164 | #     app: elasticsearch
165 | #     stack: logging
166 | # spec:
167 | #   rules:
168 | #   -
169 | #     # host: elasticsearch.minikube.localnet
170 | #     host: <YOUR_HOST>
171 | #     http:
172 | #       paths:
173 | #       - path: /
174 | #         backend:
175 | #           serviceName: elasticsearch
176 | #           servicePort: 9200
177 | ---
178 | apiVersion: v1
179 | kind: PersistentVolumeClaim
180 | metadata:
181 |   name: elasticsearch
182 |   labels:
183 |     app: elasticsearch
184 |     stack: logging
185 | spec:
186 |   # storageClassName: standard
187 |   accessModes:
188 |   - ReadWriteOnce
189 |   resources:
190 |     requests:
191 |       storage: 1G
192 | ---
193 | apiVersion: v1
194 | kind: Service
195 | metadata:
196 |   name: elasticsearch
197 |   labels:
198 |     app: elasticsearch
199 |     stack: logging
200 | spec:
201 |   # needed on minikube
202 |   type: NodePort
203 |   ports:
204 |   - name: "api"
205 |     port: 9200
206 |     targetPort: 9200
207 |   selector:
208 |     app: elasticsearch
209 |     stack: logging
210 | ---
211 | kind: Role
212 | apiVersion: rbac.authorization.k8s.io/v1
213 | metadata:
214 |   name: fluentd
215 |   namespace: default
216 |   labels:
217 |     app: fluentd
218 |     stack: logging
219 | rules:
220 | - apiGroups:
221 |   - extensions
222 |   resources:
223 |   - podsecuritypolicies
224 |   resourceNames:
225 |   - fluentd
226 |   verbs:
227 |   - use
228 | ---
229 | kind: RoleBinding
230 | apiVersion: rbac.authorization.k8s.io/v1
231 | metadata:
232 |   name: fluentd
233 |   namespace: default
234 |   labels:
235 |     app: fluentd
236 |     stack: logging
237 | subjects:
238 | - kind: ServiceAccount
239 |   name: fluentd
240 | roleRef:
241 |   kind: Role
242 |   name: fluentd
243 |   apiGroup: rbac.authorization.k8s.io
244 | ---
245 | apiVersion: v1
246 | kind: ServiceAccount
247 | metadata:
248 |   name: fluentd
249 |   labels:
250 |     app: fluentd
251 |     stack: logging
252 | ---
253 | apiVersion: extensions/v1beta1
254 | kind: PodSecurityPolicy
255 | metadata:
256 |   name: fluentd
257 |   labels:
258 |     app: fluentd
259 |     stack: logging
260 | spec:
261 |   fsGroup:
262 |     rule: RunAsAny
263 |   runAsUser:
264 |     rule: RunAsAny
265 |   seLinux:
266 |     rule: RunAsAny
267 |   supplementalGroups:
268 |     rule: RunAsAny
269 |   volumes:
270 |   - emptyDir
271 |   - secret
272 |   - downwardAPI
273 |   - configMap
274 |   - persistentVolumeClaim
275 |   - projected
276 |   - hostPath
277 | ---
278 | kind: ClusterRole
279 | apiVersion: rbac.authorization.k8s.io/v1
280 | metadata:
281 |   name: fluentd
282 |   labels:
283 |     app: fluentd
284 |     stack: logging
285 | rules:
286 | - apiGroups: [""] # core API group
287 |   resources: ["pods", "namespaces"]
288 |   verbs: ["get", "watch", "list"]
289 | ---
290 | kind: ClusterRoleBinding
291 | apiVersion: rbac.authorization.k8s.io/v1
292 | metadata:
293 |   name: fluentd
294 |   labels:
295 |     app: fluentd
296 |     stack: logging
297 | subjects:
298 | - kind: ServiceAccount
299 |   name: fluentd
300 |   namespace: default
301 | roleRef:
302 |   kind: ClusterRole
303 |   name: fluentd
304 |   apiGroup: rbac.authorization.k8s.io
305 | ---
306 | apiVersion: v1
307 | kind: ConfigMap
308 | metadata:
309 |   name: fluentd
310 |   # namespace: logging-fluentd
311 |   labels:
312 |     app: fluentd
313 | data:
314 |   output.conf: |
315 |     # Enriches records with Kubernetes metadata
316 |     <filter kubernetes.**>
317 |       @type kubernetes_metadata
318 |     </filter>
319 |     
320 |     <match **>
321 |       @id elasticsearch
322 |       @type elasticsearch
323 |       @log_level info
324 |       include_tag_key true
325 |       type_name fluentd
326 |       host "#{ENV['OUTPUT_HOST']}"
327 |       port "#{ENV['OUTPUT_PORT']}"
328 |       logstash_format true
329 |       <buffer>
330 |         @type file
331 |         path /var/log/fluentd-buffers/kubernetes.system.buffer
332 |         flush_mode interval
333 |         retry_type exponential_backoff
334 |         flush_thread_count 2
335 |         flush_interval 5s
336 |         retry_forever
337 |         retry_max_interval 30
338 |         chunk_limit_size "#{ENV['OUTPUT_BUFFER_CHUNK_LIMIT']}"
339 |         queue_limit_length "#{ENV['OUTPUT_BUFFER_QUEUE_LIMIT']}"
340 |         overflow_action block
341 |       </buffer>
342 |     </match>
343 |   
344 | 
345 |   kubernetes.conf: |
346 |     # This configuration file for Fluentd / td-agent is used
347 |     # to watch changes to Docker log files. The kubelet creates symlinks that
348 |     # capture the pod name, namespace, container name & Docker container ID
349 |     # to the docker logs for pods in the /var/log/containers directory on the host.
350 |     # If running this fluentd configuration in a Docker container, the /var/log
351 |     # directory should be mounted in the container.
352 |     #
353 |     # These logs are then submitted to Elasticsearch which assumes the
354 |     # installation of the fluent-plugin-elasticsearch & the
355 |     # fluent-plugin-kubernetes_metadata_filter plugins.
356 |     # See https://github.com/uken/fluent-plugin-elasticsearch &
357 |     # https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter for
358 |     # more information about the plugins.
359 |     #
360 |     # Example
361 |     # =======
362 |     # A line in the Docker log file might look like this JSON:
363 |     #
364 |     # {"log":"2014/09/25 21:15:03 Got request with path wombat\n",
365 |     #  "stream":"stderr",
366 |     #   "time":"2014-09-25T21:15:03.499185026Z"}
367 |     #
368 |     # The time_format specification below makes sure we properly
369 |     # parse the time format produced by Docker. This will be
370 |     # submitted to Elasticsearch and should appear like:
371 |     # $ curl 'http://elasticsearch-logging:9200/_search?pretty'
372 |     # ...
373 |     # {
374 |     #      "_index" : "logstash-2014.09.25",
375 |     #      "_type" : "fluentd",
376 |     #      "_id" : "VBrbor2QTuGpsQyTCdfzqA",
377 |     #      "_score" : 1.0,
378 |     #      "_source":{"log":"2014/09/25 22:45:50 Got request with path wombat\n",
379 |     #                 "stream":"stderr","tag":"docker.container.all",
380 |     #                 "@timestamp":"2014-09-25T22:45:50+00:00"}
381 |     #    },
382 |     # ...
383 |     #
384 |     # The Kubernetes fluentd plugin is used to write the Kubernetes metadata to the log
385 |     # record & add labels to the log record if properly configured. This enables users
386 |     # to filter & search logs on any metadata.
387 |     # For example a Docker container's logs might be in the directory:
388 |     #
389 |     #  /var/lib/docker/containers/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b
390 |     #
391 |     # and in the file:
392 |     #
393 |     #  997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b-json.log
394 |     #
395 |     # where 997599971ee6... is the Docker ID of the running container.
396 |     # The Kubernetes kubelet makes a symbolic link to this file on the host machine
397 |     # in the /var/log/containers directory which includes the pod name and the Kubernetes
398 |     # container name:
399 |     #
400 |     #    synthetic-logger-0.25lps-pod_default_synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log
401 |     #    ->
402 |     #    /var/lib/docker/containers/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b-json.log
403 |     #
404 |     # The /var/log directory on the host is mapped to the /var/log directory in the container
405 |     # running this instance of Fluentd and we end up collecting the file:
406 |     #
407 |     #   /var/log/containers/synthetic-logger-0.25lps-pod_default_synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log
408 |     #
409 |     # This results in the tag:
410 |     #
411 |     #  var.log.containers.synthetic-logger-0.25lps-pod_default_synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log
412 |     #
413 |     # The Kubernetes fluentd plugin is used to extract the namespace, pod name & container name
414 |     # which are added to the log message as a kubernetes field object & the Docker container ID
415 |     # is also added under the docker field object.
416 |     # The final tag is:
417 |     #
418 |     #   kubernetes.var.log.containers.synthetic-logger-0.25lps-pod_default_synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log
419 |     #
420 |     # And the final log record look like:
421 |     #
422 |     # {
423 |     #   "log":"2014/09/25 21:15:03 Got request with path wombat\n",
424 |     #   "stream":"stderr",
425 |     #   "time":"2014-09-25T21:15:03.499185026Z",
426 |     #   "kubernetes": {
427 |     #     "namespace": "default",
428 |     #     "pod_name": "synthetic-logger-0.25lps-pod",
429 |     #     "container_name": "synth-lgr"
430 |     #   },
431 |     #   "docker": {
432 |     #     "container_id": "997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b"
433 |     #   }
434 |     # }
435 |     #
436 |     # This makes it easier for users to search for logs by pod name or by
437 |     # the name of the Kubernetes container regardless of how many times the
438 |     # Kubernetes pod has been restarted (resulting in a several Docker container IDs).
439 |     # Json Log Example:
440 |     # {"log":"[info:2016-02-16T16:04:05.930-08:00] Some log text here\n","stream":"stdout","time":"2016-02-17T00:04:05.931087621Z"}
441 |     # CRI Log Example:
442 |     # 2016-02-17T00:04:05.931087621Z stdout F [info:2016-02-16T16:04:05.930-08:00] Some log text here
443 |     <source>
444 |       @id fluentd-containers.log
445 |       @type tail
446 |       path /var/log/containers/*.log
447 |       pos_file /var/log/fluentd-containers.log.pos
448 |       time_format %Y-%m-%dT%H:%M:%S.%NZ
449 |       tag raw.kubernetes.*
450 |       format json
451 |       read_from_head true
452 |     </source>
453 |     # Detect exceptions in the log output and forward them as one log entry.
454 |     <match raw.kubernetes.**>
455 |       @id raw.kubernetes
456 |       @type detect_exceptions
457 |       remove_tag_prefix raw
458 |       message log
459 |       stream stream
460 |       multiline_flush_interval 5
461 |       max_bytes 500000
462 |       max_lines 1000
463 |     </match>
464 |     # Multi-line parsing is required for all the kube logs because very large log
465 |     # statements, such as those that include entire object bodies, get split into
466 |     # multiple lines by glog.
467 |     # Example:
468 |     # I0204 07:32:30.020537    3368 server.go:1048] POST /stats/container/: (13.972191ms) 200 [[Go-http-client/1.1] 10.244.1.3:40537]
469 |     <source>
470 |       @id kubelet.log
471 |       @type tail
472 |       format multiline
473 |       multiline_flush_interval 5s
474 |       format_firstline /^\w\d{4}/
475 |       format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
476 |       time_format %m%d %H:%M:%S.%N
477 |       path /var/log/kubelet.log
478 |       pos_file /var/log/kubelet.log.pos
479 |       tag kubelet
480 |     </source>
481 |     # Example:
482 |     # I1118 21:26:53.975789       6 proxier.go:1096] Port "nodePort for kube-system/default-http-backend:http" (:31429/tcp) was open before and is still needed
483 |     <source>
484 |       @id kube-proxy.log
485 |       @type tail
486 |       format multiline
487 |       multiline_flush_interval 5s
488 |       format_firstline /^\w\d{4}/
489 |       format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
490 |       time_format %m%d %H:%M:%S.%N
491 |       path /var/log/kube-proxy.log
492 |       pos_file /var/log/kube-proxy.log.pos
493 |       tag kube-proxy
494 |     </source>
495 |     # Example:
496 |     # I0204 07:00:19.604280       5 handlers.go:131] GET /api/v1/nodes: (1.624207ms) 200 [[kube-controller-manager/v1.1.3 (linux/amd64) kubernetes/6a81b50] 127.0.0.1:38266]
497 |     <source>
498 |       @id kube-apiserver.log
499 |       @type tail
500 |       format multiline
501 |       multiline_flush_interval 5s
502 |       format_firstline /^\w\d{4}/
503 |       format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
504 |       time_format %m%d %H:%M:%S.%N
505 |       path /var/log/kube-apiserver.log
506 |       pos_file /var/log/kube-apiserver.log.pos
507 |       tag kube-apiserver
508 |     </source>
509 |     # Example:
510 |     # I0204 06:55:31.872680       5 servicecontroller.go:277] LB already exists and doesn't need update for service kube-system/kube-ui
511 |     <source>
512 |       @id kube-controller-manager.log
513 |       @type tail
514 |       format multiline
515 |       multiline_flush_interval 5s
516 |       format_firstline /^\w\d{4}/
517 |       format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
518 |       time_format %m%d %H:%M:%S.%N
519 |       path /var/log/kube-controller-manager.log
520 |       pos_file /var/log/kube-controller-manager.log.pos
521 |       tag kube-controller-manager
522 |     </source>
523 |     # Example:
524 |     # W0204 06:49:18.239674       7 reflector.go:245] pkg/scheduler/factory/factory.go:193: watch of *api.Service ended with: 401: The event in requested index is outdated and cleared (the requested history has been cleared [2578313/2577886]) [2579312]
525 |     <source>
526 |       @id kube-scheduler.log
527 |       @type tail
528 |       format multiline
529 |       multiline_flush_interval 5s
530 |       format_firstline /^\w\d{4}/
531 |       format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
532 |       time_format %m%d %H:%M:%S.%N
533 |       path /var/log/kube-scheduler.log
534 |       pos_file /var/log/kube-scheduler.log.pos
535 |       tag kube-scheduler
536 |     </source>
537 | 
538 |   # prometheus.conf: |
539 |   #   # https://github.com/kazegusuri/fluent-plugin-prometheus#usage
540 |   #
541 |   #   <source>
542 |   #     @type prometheus
543 |   #   </source>
544 |   #
545 |   #   <source>
546 |   #     @type prometheus_monitor
547 |   #   </source>
548 |   #
549 |   #   <filter **>
550 |   #     @type prometheus
551 |   #     <metric>
552 |   #       name fluentd_records_total
553 |   #       type counter
554 |   #       desc The total number of records read by fluentd.
555 |   #     </metric>
556 |   #   </filter>
557 | ---
558 | apiVersion: extensions/v1beta1
559 | kind: DaemonSet
560 | metadata:
561 |   name: fluentd
562 |   labels:
563 |     app: fluentd
564 | spec:
565 |   template:
566 |     metadata:
567 |       name: fluentd
568 |       labels:
569 |         app: fluentd
570 |     spec:
571 |       serviceAccountName: fluentd
572 |       containers:
573 |       - name: fluentd
574 |         image: gcr.io/google-containers/fluentd-elasticsearch:v2.3.1
575 |         imagePullPolicy: IfNotPresent
576 |         env:
577 |         - name: OUTPUT_HOST
578 |           value: 'elasticsearch.default.svc'
579 |         - name: OUTPUT_PORT
580 |           value: '9200'
581 |         - name: OUTPUT_BUFFER_CHUNK_LIMIT
582 |           value: '2M'
583 |         - name: OUTPUT_BUFFER_QUEUE_LIMIT
584 |           value: '8'
585 |         - name: K8S_NODE_NAME
586 |           valueFrom:
587 |             fieldRef:
588 |               fieldPath: spec.nodeName
589 |         volumeMounts:
590 |         - name: varlog
591 |           mountPath: /var/log
592 |         - name: varlibdockercontainers
593 |           mountPath: /var/lib/docker/containers
594 |           readOnly: true
595 |         - name: libsystemddir
596 |           mountPath: /host/lib
597 |           readOnly: true
598 |         - name: config-volume-fluentd
599 |           mountPath: /etc/fluent/config.d
600 |         # Liveness probe is aimed to help in situarions where fluentd
601 |         # silently hangs for no apparent reasons until manual restart.
602 |         # The idea of this probe is that if fluentd is not queueing or
603 |         # flushing chunks for 5 minutes, something is not right. If
604 |         # you want to change the fluentd configuration, reducing amount of
605 |         # logs fluentd collects, consider changing the threshold or turning
606 |         # liveness probe off completely.
607 |         livenessProbe:
608 |           initialDelaySeconds: 600
609 |           periodSeconds: 60
610 |           exec:
611 |             command:
612 |             - '/bin/sh'
613 |             - '-c'
614 |             - >
615 |               LIVENESS_THRESHOLD_SECONDS=${LIVENESS_THRESHOLD_SECONDS:-300};
616 |               STUCK_THRESHOLD_SECONDS=${LIVENESS_THRESHOLD_SECONDS:-900};
617 |               if [ ! -e /var/log/fluentd-buffers ];
618 |               then
619 |                 exit 1;
620 |               fi;
621 |               touch -d "${STUCK_THRESHOLD_SECONDS} seconds ago" /tmp/marker-stuck;
622 |               if [[ -z "$(find /var/log/fluentd-buffers -type f -newer /tmp/marker-stuck -print -quit)" ]];
623 |               then
624 |                 rm -rf /var/log/fluentd-buffers;
625 |                 exit 1;
626 |               fi;
627 |               touch -d "${LIVENESS_THRESHOLD_SECONDS} seconds ago" /tmp/marker-liveness;
628 |               if [[ -z "$(find /var/log/fluentd-buffers -type f -newer /tmp/marker-liveness -print -quit)" ]];
629 |               then
630 |                 exit 1;
631 |               fi;
632 |       volumes:
633 |       - name: varlog
634 |         hostPath:
635 |           path: /var/log
636 |       - name: varlibdockercontainers
637 |         hostPath:
638 |           path: /var/lib/docker/containers
639 |       # It is needed to copy systemd library to decompress journals
640 |       - name: libsystemddir
641 |         hostPath:
642 |           path: /usr/lib64
643 |       - name: config-volume-fluentd
644 |         configMap:
645 |           name: fluentd
646 | ---
647 | apiVersion: v1
648 | kind: ConfigMap
649 | metadata:
650 |   name: kibana
651 |   labels:
652 |     app: kibana
653 |     stack: logging
654 | data:
655 |   kibana.yml: |
656 |     server:
657 |       name: "full-stack-example"
658 |       port: 127.0.0.1:5601
659 |     elasticsearch.url: "http://elasticsearch:9200"
660 | ---
661 | apiVersion: extensions/v1beta1
662 | kind: Deployment
663 | metadata:
664 |   name: kibana
665 |   labels:
666 |     app: kibana
667 |     stack: logging
668 | spec:
669 |   replicas: 1
670 |   strategy:
671 |     type: Recreate
672 |   template:
673 |     metadata:
674 |       labels:
675 |         app: kibana
676 |         stack: logging
677 |     spec:
678 |       # FIXME
679 |       # healthcheck + resources
680 |       containers:
681 |       - name: kibana
682 |         image: docker.elastic.co/kibana/kibana-oss:6.0.0
683 |         imagePullPolicy: IfNotPresent
684 |         env:
685 |         - name: ELASTICSEARCH_PASSWORD
686 |           value: changeme
687 |         ports:
688 |         - containerPort: 5601
689 |         resources: {}
690 |         volumeMounts:
691 |         - name: config
692 |           mountPath: /usr/share/kibana/kibana.yml
693 |           subPath: kibana.yml
694 |       restartPolicy: Always
695 |       volumes:
696 |       - name: config
697 |         configMap:
698 |           name: kibana
699 | ---
700 | # apiVersion: extensions/v1beta1
701 | # kind: Ingress
702 | # metadata:
703 | #   name: kibana
704 | #   labels:
705 | #     app: kibana
706 | #     stack: logging
707 | #   annotations:
708 | #     ingress.kubernetes.io/auth-signin: https://$host/oauth2/start
709 | #     ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
710 | #     kubernetes.io/tls-acme: "true"
711 | # spec:
712 | #   rules:
713 | #   - host: <YOUR_HOST>
714 | #     http:
715 | #       paths:
716 | #       - path: /
717 | #         backend:
718 | #           serviceName: kibana
719 | #           servicePort: 5601
720 | #   tls:
721 | #   - secretName: kibana-tls
722 | #     hosts:
723 | #     - <YOUR_HOST>
724 | 
725 | # ---
726 | # apiVersion: extensions/v1beta1
727 | # kind: Ingress
728 | # metadata:
729 | #   name: kibana-auth
730 | #   labels:
731 | #     app: kibana-auth
732 | #     stack: logging
733 | #   annotations:
734 | #     kubernetes.io/tls-acme: "true"
735 | # spec:
736 | #   rules:
737 | #   - host: <YOUR_HOST>
738 | #     http:
739 | #       paths:
740 | #       - path: /oauth2
741 | #         backend:
742 | #           serviceName: oauth2-proxy
743 | #           servicePort: 4180
744 | #   tls:
745 | #   - secretName: kibana-tls
746 | #     hosts:
747 | #     - <YOUR_HOST>
748 | ---
749 | apiVersion: v1
750 | kind: Service
751 | metadata:
752 |   name: kibana
753 |   labels:
754 |     app: kibana
755 |     stack: logging
756 | spec:
757 |   type: NodePort
758 |   ports:
759 |   - name: "ui"
760 |     port: 5601
761 |     targetPort: 5601
762 |   selector:
763 |     app: kibana
764 |     stack: logging
765 | ---
766 | apiVersion: v1
767 | kind: ConfigMap
768 | metadata:
769 |   name: oauth2-proxy
770 |   labels:
771 |     app: oauth2-proxy
772 | data:
773 |   oauth2_proxy.cfg: |
774 |     # for reference see https://github.com/bitly/oauth2_proxy/blob/master/contrib/oauth2_proxy.cfg.example
775 | 
776 |     http_address = "0.0.0.0:4180"
777 |     upstreams = ["file:///dev/null"]
778 | 
779 |     provider = "github"
780 |     email_domains = ["*"]
781 |     github_org = "<GITHUB_ORG>"
782 |     github_team = "<GITHUB_TEAM>"
783 |     client_id = "<OIDC_ID>"
784 |     client_secret = "<OIDC_SECRET>"
785 |     cookie_secret = "<OIDC_COOKIE>"
786 | ---
787 | apiVersion: extensions/v1beta1
788 | kind: Deployment
789 | metadata:
790 |   name: oauth2-proxy
791 |   labels:
792 |     app: oauth2-proxy
793 | spec:
794 |   replicas: 1
795 |   selector:
796 |     matchLabels:
797 |       app: oauth2-proxy
798 |   template:
799 |     metadata:
800 |       labels:
801 |         app: oauth2-proxy
802 |     spec:
803 |       containers:
804 |       - name: oauth2-proxy
805 |         image: giantswarm/oauth2_proxy:master
806 |         imagePullPolicy: IfNotPresent
807 |         ports:
808 |         - containerPort: 4180
809 |           protocol: TCP
810 |         volumeMounts:
811 |         - name: config
812 |           mountPath: /etc/oauth2_proxy
813 |       volumes:
814 |       - name: config
815 |         configMap:
816 |           name: oauth2-proxy
817 | ---
818 | apiVersion: v1
819 | kind: Service
820 | metadata:
821 |   name: oauth2-proxy
822 |   labels:
823 |     app: oauth2-proxy
824 | spec:
825 |   ports:
826 |   - name: http
827 |     port: 4180
828 |     protocol: TCP
829 |     targetPort: 4180
830 |   selector:
831 |     app: oauth2-proxy
832 | 


--------------------------------------------------------------------------------
/manifests/elasticsearch/1-rbac-sa-psp.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: rbac.authorization.k8s.io/v1beta1
 3 | kind: ClusterRole
 4 | metadata:
 5 |   name: elasticsearch
 6 |   labels:
 7 |     app: elasticsearch
 8 |     stack: logging
 9 | rules:
10 | - apiGroups:
11 |   - extensions
12 |   resources:
13 |   - podsecuritypolicies
14 |   resourceNames:
15 |   - elasticsearch
16 |   verbs:
17 |   - use
18 | ---
19 | kind: ClusterRoleBinding
20 | apiVersion: rbac.authorization.k8s.io/v1beta1
21 | metadata:
22 |   name: elasticsearch
23 |   labels:
24 |     app: elasticsearch
25 |     stack: logging
26 | subjects:
27 | - kind: ServiceAccount
28 |   name: elasticsearch
29 |   namespace: default
30 | roleRef:
31 |   kind: ClusterRole
32 |   name: elasticsearch
33 |   apiGroup: rbac.authorization.k8s.io
34 | ---
35 | apiVersion: v1
36 | kind: ServiceAccount
37 | metadata:
38 |   name: elasticsearch
39 |   labels:
40 |     app: elasticsearch
41 |     stack: logging
42 | ---
43 | apiVersion: extensions/v1beta1
44 | kind: PodSecurityPolicy
45 | metadata:
46 |   name: elasticsearch
47 |   labels:
48 |     app: elasticsearch
49 |     stack: logging
50 | spec:
51 |   fsGroup:
52 |     rule: RunAsAny
53 |   privileged: true
54 |   runAsUser:
55 |     rule: RunAsAny
56 |   seLinux:
57 |     rule: RunAsAny
58 |   allowedCapabilities:
59 |   - 'IPC_LOCK'
60 |   - 'SYS_RESOURCE'
61 |   supplementalGroups:
62 |     rule: RunAsAny
63 |   volumes:
64 |   - '*'
65 |   hostPID: true
66 |   hostIPC: true
67 |   hostNetwork: true
68 |   hostPorts:
69 |   - min: 1
70 |     max: 65536
71 | 


--------------------------------------------------------------------------------
/manifests/elasticsearch/configmap.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   name: elasticsearch
 5 |   labels:
 6 |     app: elasticsearch
 7 |     stack: logging
 8 | data:
 9 |   elasticsearch.yml: |
10 |     cluster.name: full-stack-cluster
11 |     node.name: node-1
12 |     path.data: /usr/share/elasticsearch/data
13 |     http:
14 |       host: 0.0.0.0
15 |       port: 9200
16 |     bootstrap.memory_lock: true
17 |     transport.host: 127.0.0.1
18 | 


--------------------------------------------------------------------------------
/manifests/elasticsearch/deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: elasticsearch
 5 |   labels:
 6 |     app: elasticsearch
 7 |     stack: logging
 8 | spec:
 9 |   replicas: 1
10 |   strategy:
11 |     type: Recreate
12 |   template:
13 |     metadata:
14 |       labels:
15 |         app: elasticsearch
16 |         stack: logging
17 |     spec:
18 |       serviceAccountName: elasticsearch
19 |       initContainers:
20 |       - name: set-vm-max-map-count
21 |         image: busybox
22 |         imagePullPolicy: IfNotPresent
23 |         command: ['sysctl', '-w', 'vm.max_map_count=262144']
24 |         securityContext:
25 |           privileged: true
26 |       - name: volume-mount-hack
27 |         image: busybox
28 |         imagePullPolicy: IfNotPresent
29 |         command: ["sh", "-c", "chown -R 1000:100 /usr/share/elasticsearch/data"]
30 |         volumeMounts:
31 |         - name: data
32 |           mountPath: /usr/share/elasticsearch/data
33 |       containers:
34 |       - name: elasticsearch
35 |         image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.0.0
36 |         imagePullPolicy: IfNotPresent
37 |         env:
38 |         - name: ES_JAVA_OPTS
39 |           value: -Xms1024m -Xmx1024m
40 |           # ES_MEM_LIMIT=2g
41 |           # ES_JVM_HEAP=1024m
42 |         ports:
43 |         - containerPort: 9200
44 |         resources:
45 |           limits:
46 |             memory: "2147483648"
47 |         volumeMounts:
48 |         - name: config
49 |           mountPath: /usr/share/elasticsearch/elasticsearch.yml
50 |           subPath: elasticsearch.yml
51 |         - name: data
52 |           mountPath: /usr/share/elasticsearch/data
53 |       # Allow non-root user to access PersistentVolume
54 |       securityContext:
55 |         fsGroup: 1000
56 |       restartPolicy: Always
57 |       volumes:
58 |       - name: config
59 |         configMap:
60 |           name: elasticsearch
61 |       - name: data
62 |         persistentVolumeClaim:
63 |           claimName: elasticsearch
64 |       # - name: data
65 |       #   hostPath:
66 |       #     path: /srv/elasticsearch-data
67 | 


--------------------------------------------------------------------------------
/manifests/elasticsearch/ingress.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Ingress
 3 | metadata:
 4 |   name: elasticsearch
 5 |   labels:
 6 |     app: elasticsearch
 7 |     stack: logging
 8 | spec:
 9 |   rules:
10 |   -
11 |     # host: elasticsearch.minikube.localnet
12 |     host: elasticsearch.j9egj.k8s.ginger.eu-central-1.aws.gigantic.io
13 |     http:
14 |       paths:
15 |       - path: /
16 |         backend:
17 |           serviceName: elasticsearch
18 |           servicePort: 9200
19 | 


--------------------------------------------------------------------------------
/manifests/elasticsearch/persistentvolumeclaim.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: PersistentVolumeClaim
 3 | metadata:
 4 |   name: elasticsearch
 5 |   labels:
 6 |     app: elasticsearch
 7 |     stack: logging
 8 | spec:
 9 |   # storageClassName: standard
10 |   accessModes:
11 |   - ReadWriteOnce
12 |   resources:
13 |     requests:
14 |       storage: 1G
15 | 


--------------------------------------------------------------------------------
/manifests/elasticsearch/service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: elasticsearch
 5 |   labels:
 6 |     app: elasticsearch
 7 |     stack: logging
 8 | spec:
 9 |   # needed on minikube
10 |   type: NodePort
11 |   ports:
12 |   - name: "api"
13 |     port: 9200
14 |     targetPort: 9200
15 |   selector:
16 |     app: elasticsearch
17 |     stack: logging
18 | 


--------------------------------------------------------------------------------
/manifests/fluentd/1-rbac-sa-psp.yaml:
--------------------------------------------------------------------------------
 1 | kind: Role
 2 | apiVersion: rbac.authorization.k8s.io/v1
 3 | metadata:
 4 |   name: fluentd
 5 |   namespace: default
 6 |   labels:
 7 |     app: fluentd
 8 |     stack: logging
 9 | rules:
10 | - apiGroups:
11 |   - extensions
12 |   resources:
13 |   - podsecuritypolicies
14 |   resourceNames:
15 |   - fluentd
16 |   verbs:
17 |   - use
18 | ---
19 | kind: RoleBinding
20 | apiVersion: rbac.authorization.k8s.io/v1
21 | metadata:
22 |   name: fluentd
23 |   namespace: default
24 |   labels:
25 |     app: fluentd
26 |     stack: logging
27 | subjects:
28 | - kind: ServiceAccount
29 |   name: fluentd
30 | roleRef:
31 |   kind: Role
32 |   name: fluentd
33 |   apiGroup: rbac.authorization.k8s.io
34 | ---
35 | apiVersion: v1
36 | kind: ServiceAccount
37 | metadata:
38 |   name: fluentd
39 |   labels:
40 |     app: fluentd
41 |     stack: logging
42 | ---
43 | apiVersion: extensions/v1beta1
44 | kind: PodSecurityPolicy
45 | metadata:
46 |   name: fluentd
47 |   labels:
48 |     app: fluentd
49 |     stack: logging
50 | spec:
51 |   fsGroup:
52 |     rule: RunAsAny
53 |   runAsUser:
54 |     rule: RunAsAny
55 |   seLinux:
56 |     rule: RunAsAny
57 |   supplementalGroups:
58 |     rule: RunAsAny
59 |   volumes:
60 |   - emptyDir
61 |   - secret
62 |   - downwardAPI
63 |   - configMap
64 |   - persistentVolumeClaim
65 |   - projected
66 |   - hostPath
67 | ---
68 | kind: ClusterRole
69 | apiVersion: rbac.authorization.k8s.io/v1
70 | metadata:
71 |   name: fluentd
72 |   labels:
73 |     app: fluentd
74 |     stack: logging
75 | rules:
76 | - apiGroups: [""] # core API group
77 |   resources: ["pods", "namespaces"]
78 |   verbs: ["get", "watch", "list"]
79 | ---
80 | kind: ClusterRoleBinding
81 | apiVersion: rbac.authorization.k8s.io/v1
82 | metadata:
83 |   name: fluentd
84 |   labels:
85 |     app: fluentd
86 |     stack: logging
87 | subjects:
88 | - kind: ServiceAccount
89 |   name: fluentd
90 |   namespace: default
91 | roleRef:
92 |   kind: ClusterRole
93 |   name: fluentd
94 |   apiGroup: rbac.authorization.k8s.io
95 | 


--------------------------------------------------------------------------------
/manifests/fluentd/configmap.yaml:
--------------------------------------------------------------------------------
  1 | apiVersion: v1
  2 | kind: ConfigMap
  3 | metadata:
  4 |   name: fluentd
  5 |   # namespace: logging-fluentd
  6 |   labels:
  7 |     app: fluentd
  8 | data:
  9 |   output.conf: |
 10 |     # Enriches records with Kubernetes metadata
 11 |     <filter kubernetes.**>
 12 |       @type kubernetes_metadata
 13 |     </filter>
 14 |     
 15 |     <match **>
 16 |       @id elasticsearch
 17 |       @type elasticsearch
 18 |       @log_level info
 19 |       include_tag_key true
 20 |       type_name fluentd
 21 |       host "#{ENV['OUTPUT_HOST']}"
 22 |       port "#{ENV['OUTPUT_PORT']}"
 23 |       logstash_format true
 24 |       <buffer>
 25 |         @type file
 26 |         path /var/log/fluentd-buffers/kubernetes.system.buffer
 27 |         flush_mode interval
 28 |         retry_type exponential_backoff
 29 |         flush_thread_count 2
 30 |         flush_interval 5s
 31 |         retry_forever
 32 |         retry_max_interval 30
 33 |         chunk_limit_size "#{ENV['OUTPUT_BUFFER_CHUNK_LIMIT']}"
 34 |         queue_limit_length "#{ENV['OUTPUT_BUFFER_QUEUE_LIMIT']}"
 35 |         overflow_action block
 36 |       </buffer>
 37 |     </match>
 38 |   
 39 | 
 40 |   kubernetes.conf: |
 41 |     # This configuration file for Fluentd / td-agent is used
 42 |     # to watch changes to Docker log files. The kubelet creates symlinks that
 43 |     # capture the pod name, namespace, container name & Docker container ID
 44 |     # to the docker logs for pods in the /var/log/containers directory on the host.
 45 |     # If running this fluentd configuration in a Docker container, the /var/log
 46 |     # directory should be mounted in the container.
 47 |     #
 48 |     # These logs are then submitted to Elasticsearch which assumes the
 49 |     # installation of the fluent-plugin-elasticsearch & the
 50 |     # fluent-plugin-kubernetes_metadata_filter plugins.
 51 |     # See https://github.com/uken/fluent-plugin-elasticsearch &
 52 |     # https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter for
 53 |     # more information about the plugins.
 54 |     #
 55 |     # Example
 56 |     # =======
 57 |     # A line in the Docker log file might look like this JSON:
 58 |     #
 59 |     # {"log":"2014/09/25 21:15:03 Got request with path wombat\n",
 60 |     #  "stream":"stderr",
 61 |     #   "time":"2014-09-25T21:15:03.499185026Z"}
 62 |     #
 63 |     # The time_format specification below makes sure we properly
 64 |     # parse the time format produced by Docker. This will be
 65 |     # submitted to Elasticsearch and should appear like:
 66 |     # $ curl 'http://elasticsearch-logging:9200/_search?pretty'
 67 |     # ...
 68 |     # {
 69 |     #      "_index" : "logstash-2014.09.25",
 70 |     #      "_type" : "fluentd",
 71 |     #      "_id" : "VBrbor2QTuGpsQyTCdfzqA",
 72 |     #      "_score" : 1.0,
 73 |     #      "_source":{"log":"2014/09/25 22:45:50 Got request with path wombat\n",
 74 |     #                 "stream":"stderr","tag":"docker.container.all",
 75 |     #                 "@timestamp":"2014-09-25T22:45:50+00:00"}
 76 |     #    },
 77 |     # ...
 78 |     #
 79 |     # The Kubernetes fluentd plugin is used to write the Kubernetes metadata to the log
 80 |     # record & add labels to the log record if properly configured. This enables users
 81 |     # to filter & search logs on any metadata.
 82 |     # For example a Docker container's logs might be in the directory:
 83 |     #
 84 |     #  /var/lib/docker/containers/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b
 85 |     #
 86 |     # and in the file:
 87 |     #
 88 |     #  997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b-json.log
 89 |     #
 90 |     # where 997599971ee6... is the Docker ID of the running container.
 91 |     # The Kubernetes kubelet makes a symbolic link to this file on the host machine
 92 |     # in the /var/log/containers directory which includes the pod name and the Kubernetes
 93 |     # container name:
 94 |     #
 95 |     #    synthetic-logger-0.25lps-pod_default_synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log
 96 |     #    ->
 97 |     #    /var/lib/docker/containers/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b-json.log
 98 |     #
 99 |     # The /var/log directory on the host is mapped to the /var/log directory in the container
100 |     # running this instance of Fluentd and we end up collecting the file:
101 |     #
102 |     #   /var/log/containers/synthetic-logger-0.25lps-pod_default_synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log
103 |     #
104 |     # This results in the tag:
105 |     #
106 |     #  var.log.containers.synthetic-logger-0.25lps-pod_default_synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log
107 |     #
108 |     # The Kubernetes fluentd plugin is used to extract the namespace, pod name & container name
109 |     # which are added to the log message as a kubernetes field object & the Docker container ID
110 |     # is also added under the docker field object.
111 |     # The final tag is:
112 |     #
113 |     #   kubernetes.var.log.containers.synthetic-logger-0.25lps-pod_default_synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log
114 |     #
115 |     # And the final log record look like:
116 |     #
117 |     # {
118 |     #   "log":"2014/09/25 21:15:03 Got request with path wombat\n",
119 |     #   "stream":"stderr",
120 |     #   "time":"2014-09-25T21:15:03.499185026Z",
121 |     #   "kubernetes": {
122 |     #     "namespace": "default",
123 |     #     "pod_name": "synthetic-logger-0.25lps-pod",
124 |     #     "container_name": "synth-lgr"
125 |     #   },
126 |     #   "docker": {
127 |     #     "container_id": "997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b"
128 |     #   }
129 |     # }
130 |     #
131 |     # This makes it easier for users to search for logs by pod name or by
132 |     # the name of the Kubernetes container regardless of how many times the
133 |     # Kubernetes pod has been restarted (resulting in a several Docker container IDs).
134 |     # Json Log Example:
135 |     # {"log":"[info:2016-02-16T16:04:05.930-08:00] Some log text here\n","stream":"stdout","time":"2016-02-17T00:04:05.931087621Z"}
136 |     # CRI Log Example:
137 |     # 2016-02-17T00:04:05.931087621Z stdout F [info:2016-02-16T16:04:05.930-08:00] Some log text here
138 |     <source>
139 |       @id fluentd-containers.log
140 |       @type tail
141 |       path /var/log/containers/*.log
142 |       pos_file /var/log/fluentd-containers.log.pos
143 |       time_format %Y-%m-%dT%H:%M:%S.%NZ
144 |       tag raw.kubernetes.*
145 |       format json
146 |       read_from_head true
147 |     </source>
148 |     # Detect exceptions in the log output and forward them as one log entry.
149 |     <match raw.kubernetes.**>
150 |       @id raw.kubernetes
151 |       @type detect_exceptions
152 |       remove_tag_prefix raw
153 |       message log
154 |       stream stream
155 |       multiline_flush_interval 5
156 |       max_bytes 500000
157 |       max_lines 1000
158 |     </match>
159 |     # Multi-line parsing is required for all the kube logs because very large log
160 |     # statements, such as those that include entire object bodies, get split into
161 |     # multiple lines by glog.
162 |     # Example:
163 |     # I0204 07:32:30.020537    3368 server.go:1048] POST /stats/container/: (13.972191ms) 200 [[Go-http-client/1.1] 10.244.1.3:40537]
164 |     <source>
165 |       @id kubelet.log
166 |       @type tail
167 |       format multiline
168 |       multiline_flush_interval 5s
169 |       format_firstline /^\w\d{4}/
170 |       format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
171 |       time_format %m%d %H:%M:%S.%N
172 |       path /var/log/kubelet.log
173 |       pos_file /var/log/kubelet.log.pos
174 |       tag kubelet
175 |     </source>
176 |     # Example:
177 |     # I1118 21:26:53.975789       6 proxier.go:1096] Port "nodePort for kube-system/default-http-backend:http" (:31429/tcp) was open before and is still needed
178 |     <source>
179 |       @id kube-proxy.log
180 |       @type tail
181 |       format multiline
182 |       multiline_flush_interval 5s
183 |       format_firstline /^\w\d{4}/
184 |       format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
185 |       time_format %m%d %H:%M:%S.%N
186 |       path /var/log/kube-proxy.log
187 |       pos_file /var/log/kube-proxy.log.pos
188 |       tag kube-proxy
189 |     </source>
190 |     # Example:
191 |     # I0204 07:00:19.604280       5 handlers.go:131] GET /api/v1/nodes: (1.624207ms) 200 [[kube-controller-manager/v1.1.3 (linux/amd64) kubernetes/6a81b50] 127.0.0.1:38266]
192 |     <source>
193 |       @id kube-apiserver.log
194 |       @type tail
195 |       format multiline
196 |       multiline_flush_interval 5s
197 |       format_firstline /^\w\d{4}/
198 |       format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
199 |       time_format %m%d %H:%M:%S.%N
200 |       path /var/log/kube-apiserver.log
201 |       pos_file /var/log/kube-apiserver.log.pos
202 |       tag kube-apiserver
203 |     </source>
204 |     # Example:
205 |     # I0204 06:55:31.872680       5 servicecontroller.go:277] LB already exists and doesn't need update for service kube-system/kube-ui
206 |     <source>
207 |       @id kube-controller-manager.log
208 |       @type tail
209 |       format multiline
210 |       multiline_flush_interval 5s
211 |       format_firstline /^\w\d{4}/
212 |       format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
213 |       time_format %m%d %H:%M:%S.%N
214 |       path /var/log/kube-controller-manager.log
215 |       pos_file /var/log/kube-controller-manager.log.pos
216 |       tag kube-controller-manager
217 |     </source>
218 |     # Example:
219 |     # W0204 06:49:18.239674       7 reflector.go:245] pkg/scheduler/factory/factory.go:193: watch of *api.Service ended with: 401: The event in requested index is outdated and cleared (the requested history has been cleared [2578313/2577886]) [2579312]
220 |     <source>
221 |       @id kube-scheduler.log
222 |       @type tail
223 |       format multiline
224 |       multiline_flush_interval 5s
225 |       format_firstline /^\w\d{4}/
226 |       format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
227 |       time_format %m%d %H:%M:%S.%N
228 |       path /var/log/kube-scheduler.log
229 |       pos_file /var/log/kube-scheduler.log.pos
230 |       tag kube-scheduler
231 |     </source>
232 | 
233 |   # prometheus.conf: |
234 |   #   # https://github.com/kazegusuri/fluent-plugin-prometheus#usage
235 |   #
236 |   #   <source>
237 |   #     @type prometheus
238 |   #   </source>
239 |   #
240 |   #   <source>
241 |   #     @type prometheus_monitor
242 |   #   </source>
243 |   #
244 |   #   <filter **>
245 |   #     @type prometheus
246 |   #     <metric>
247 |   #       name fluentd_records_total
248 |   #       type counter
249 |   #       desc The total number of records read by fluentd.
250 |   #     </metric>
251 |   #   </filter>
252 | 


--------------------------------------------------------------------------------
/manifests/fluentd/daemonset.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: DaemonSet
 3 | metadata:
 4 |   name: fluentd
 5 |   labels:
 6 |     app: fluentd
 7 | spec:
 8 |   template:
 9 |     metadata:
10 |       name: fluentd
11 |       labels:
12 |         app: fluentd
13 |     spec:
14 |       serviceAccountName: fluentd
15 |       containers:
16 |       - name: fluentd
17 |         image: gcr.io/google-containers/fluentd-elasticsearch:v2.3.1
18 |         imagePullPolicy: IfNotPresent
19 |         env:
20 |         - name: OUTPUT_HOST
21 |           value: 'elasticsearch.default.svc'
22 |         - name: OUTPUT_PORT
23 |           value: '9200'
24 |         - name: OUTPUT_BUFFER_CHUNK_LIMIT
25 |           value: '2M'
26 |         - name: OUTPUT_BUFFER_QUEUE_LIMIT
27 |           value: '8'
28 |         - name: K8S_NODE_NAME
29 |           valueFrom:
30 |             fieldRef:
31 |               fieldPath: spec.nodeName
32 |         volumeMounts:
33 |         - name: varlog
34 |           mountPath: /var/log
35 |         - name: varlibdockercontainers
36 |           mountPath: /var/lib/docker/containers
37 |           readOnly: true
38 |         - name: libsystemddir
39 |           mountPath: /host/lib
40 |           readOnly: true
41 |         - name: config-volume-fluentd
42 |           mountPath: /etc/fluent/config.d
43 |         # Liveness probe is aimed to help in situarions where fluentd
44 |         # silently hangs for no apparent reasons until manual restart.
45 |         # The idea of this probe is that if fluentd is not queueing or
46 |         # flushing chunks for 5 minutes, something is not right. If
47 |         # you want to change the fluentd configuration, reducing amount of
48 |         # logs fluentd collects, consider changing the threshold or turning
49 |         # liveness probe off completely.
50 |         livenessProbe:
51 |           initialDelaySeconds: 600
52 |           periodSeconds: 60
53 |           exec:
54 |             command:
55 |             - '/bin/sh'
56 |             - '-c'
57 |             - >
58 |               LIVENESS_THRESHOLD_SECONDS=${LIVENESS_THRESHOLD_SECONDS:-300};
59 |               STUCK_THRESHOLD_SECONDS=${LIVENESS_THRESHOLD_SECONDS:-900};
60 |               if [ ! -e /var/log/fluentd-buffers ];
61 |               then
62 |                 exit 1;
63 |               fi;
64 |               touch -d "${STUCK_THRESHOLD_SECONDS} seconds ago" /tmp/marker-stuck;
65 |               if [[ -z "$(find /var/log/fluentd-buffers -type f -newer /tmp/marker-stuck -print -quit)" ]];
66 |               then
67 |                 rm -rf /var/log/fluentd-buffers;
68 |                 exit 1;
69 |               fi;
70 |               touch -d "${LIVENESS_THRESHOLD_SECONDS} seconds ago" /tmp/marker-liveness;
71 |               if [[ -z "$(find /var/log/fluentd-buffers -type f -newer /tmp/marker-liveness -print -quit)" ]];
72 |               then
73 |                 exit 1;
74 |               fi;
75 |       volumes:
76 |       - name: varlog
77 |         hostPath:
78 |           path: /var/log
79 |       - name: varlibdockercontainers
80 |         hostPath:
81 |           path: /var/lib/docker/containers
82 |       # It is needed to copy systemd library to decompress journals
83 |       - name: libsystemddir
84 |         hostPath:
85 |           path: /usr/lib64
86 |       - name: config-volume-fluentd
87 |         configMap:
88 |           name: fluentd
89 | 


--------------------------------------------------------------------------------
/manifests/kibana/configmap.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   name: kibana
 5 |   labels:
 6 |     app: kibana
 7 |     stack: logging
 8 | data:
 9 |   kibana.yml: |
10 |     server:
11 |       name: "full-stack-example"
12 |       port: 127.0.0.1:5601
13 |     elasticsearch.url: "http://elasticsearch:9200"
14 | 


--------------------------------------------------------------------------------
/manifests/kibana/deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: kibana
 5 |   labels:
 6 |     app: kibana
 7 |     stack: logging
 8 | spec:
 9 |   replicas: 1
10 |   strategy:
11 |     type: Recreate
12 |   template:
13 |     metadata:
14 |       labels:
15 |         app: kibana
16 |         stack: logging
17 |     spec:
18 |       # FIXME
19 |       # healthcheck + resources
20 |       containers:
21 |       - name: kibana
22 |         image: docker.elastic.co/kibana/kibana-oss:6.0.0
23 |         imagePullPolicy: IfNotPresent
24 |         env:
25 |         - name: ELASTICSEARCH_PASSWORD
26 |           value: changeme
27 |         ports:
28 |         - containerPort: 5601
29 |         resources: {}
30 |         volumeMounts:
31 |         - name: config
32 |           mountPath: /usr/share/kibana/kibana.yml
33 |           subPath: kibana.yml
34 |       restartPolicy: Always
35 |       volumes:
36 |       - name: config
37 |         configMap:
38 |           name: kibana
39 | 


--------------------------------------------------------------------------------
/manifests/kibana/ingress.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Ingress
 3 | metadata:
 4 |   name: kibana
 5 |   labels:
 6 |     app: kibana
 7 |     stack: logging
 8 | spec:
 9 |   rules:
10 |   -
11 |     # host: kibana.minikube.localnet
12 |     host: kibana.j9egj.k8s.ginger.eu-central-1.aws.gigantic.io
13 |     http:
14 |       paths:
15 |       - path: /
16 |         backend:
17 |           serviceName: kibana
18 |           servicePort: 5601
19 | 


--------------------------------------------------------------------------------
/manifests/kibana/service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: kibana
 5 |   labels:
 6 |     app: kibana
 7 |     stack: logging
 8 | spec:
 9 |   type: NodePort
10 |   ports:
11 |   - name: "ui"
12 |     port: 5601
13 |     targetPort: 5601
14 |   selector:
15 |     app: kibana
16 |     stack: logging
17 | 


--------------------------------------------------------------------------------
/test/.gitignore:
--------------------------------------------------------------------------------
1 | /trash directory*
2 | /test-results
3 | /.prove
4 | 


--------------------------------------------------------------------------------
/test/README.md:
--------------------------------------------------------------------------------
 1 | # Simple test suite
 2 | 
 3 | This uses [Sharness](https://github.com/chriscool/sharness) for running the tests.
 4 | 
 5 | 
 6 | At first start a fresh Minikube environment.
 7 | 
 8 | ```bash
 9 | minikube delete
10 | minikube start --memory 4096
11 | ```
12 | 
13 | Then run from this directory:
14 | ```
15 | ./simple.t
16 | ```
17 | 
18 | Since it test on the amount of indexed log lines repeat this after some time until successful.
19 | 
20 | 
21 | *To be continued..*
22 | 


--------------------------------------------------------------------------------
/test/aggregate-results.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | #
 3 | # Copyright (c) 2008-2012 Git project
 4 | #
 5 | # This program is free software: you can redistribute it and/or modify
 6 | # it under the terms of the GNU General Public License as published by
 7 | # the Free Software Foundation, either version 2 of the License, or
 8 | # (at your option) any later version.
 9 | #
10 | # This program is distributed in the hope that it will be useful,
11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 | # GNU General Public License for more details.
14 | #
15 | # You should have received a copy of the GNU General Public License
16 | # along with this program.  If not, see http://www.gnu.org/licenses/ .
17 | 
18 | failed_tests=
19 | fixed=0
20 | success=0
21 | failed=0
22 | broken=0
23 | total=0
24 | 
25 | while read file; do
26 | 	while read type value; do
27 | 		case $type in
28 | 		'')
29 | 			continue ;;
30 | 		fixed)
31 | 			fixed=$(($fixed + $value)) ;;
32 | 		success)
33 | 			success=$(($success + $value)) ;;
34 | 		failed)
35 | 			failed=$(($failed + $value))
36 | 			if test $value != 0; then
37 | 				test_name=$(expr "$file" : 'test-results/\(.*\)\.[0-9]*\.counts')
38 | 				failed_tests="$failed_tests $test_name"
39 | 			fi
40 | 			;;
41 | 		broken)
42 | 			broken=$(($broken + $value)) ;;
43 | 		total)
44 | 			total=$(($total + $value)) ;;
45 | 		esac
46 | 	done <"$file"
47 | done
48 | 
49 | if test -n "$failed_tests"; then
50 | 	printf "\nfailed test(s):$failed_tests\n\n"
51 | fi
52 | 
53 | printf "%-8s%d\n" fixed $fixed
54 | printf "%-8s%d\n" success $success
55 | printf "%-8s%d\n" failed $failed
56 | printf "%-8s%d\n" broken $broken
57 | printf "%-8s%d\n" total $total
58 | 


--------------------------------------------------------------------------------
/test/sharness.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/sh
  2 | #
  3 | # Copyright (c) 2011-2012 Mathias Lafeldt
  4 | # Copyright (c) 2005-2012 Git project
  5 | # Copyright (c) 2005-2012 Junio C Hamano
  6 | #
  7 | # This program is free software: you can redistribute it and/or modify
  8 | # it under the terms of the GNU General Public License as published by
  9 | # the Free Software Foundation, either version 2 of the License, or
 10 | # (at your option) any later version.
 11 | #
 12 | # This program is distributed in the hope that it will be useful,
 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 15 | # GNU General Public License for more details.
 16 | #
 17 | # You should have received a copy of the GNU General Public License
 18 | # along with this program.  If not, see http://www.gnu.org/licenses/ .
 19 | 
 20 | # Public: Current version of Sharness.
 21 | SHARNESS_VERSION="1.0.0"
 22 | export SHARNESS_VERSION
 23 | 
 24 | # Public: The file extension for tests.  By default, it is set to "t".
 25 | : ${SHARNESS_TEST_EXTENSION:=t}
 26 | export SHARNESS_TEST_EXTENSION
 27 | 
 28 | #  Reset TERM to original terminal if found, otherwise save orignal TERM
 29 | [ "x" = "x$SHARNESS_ORIG_TERM" ] &&
 30 | 		SHARNESS_ORIG_TERM="$TERM" ||
 31 | 		TERM="$SHARNESS_ORIG_TERM"
 32 | # Public: The unsanitized TERM under which sharness is originally run
 33 | export SHARNESS_ORIG_TERM
 34 | 
 35 | # Export SHELL_PATH
 36 | : ${SHELL_PATH:=$SHELL}
 37 | export SHELL_PATH
 38 | 
 39 | # For repeatability, reset the environment to a known state.
 40 | # TERM is sanitized below, after saving color control sequences.
 41 | LANG=C
 42 | LC_ALL=C
 43 | PAGER=cat
 44 | TZ=UTC
 45 | EDITOR=:
 46 | export LANG LC_ALL PAGER TZ EDITOR
 47 | unset VISUAL CDPATH GREP_OPTIONS
 48 | 
 49 | # Line feed
 50 | LF='
 51 | '
 52 | 
 53 | [ "x$TERM" != "xdumb" ] && (
 54 | 		[ -t 1 ] &&
 55 | 		tput bold >/dev/null 2>&1 &&
 56 | 		tput setaf 1 >/dev/null 2>&1 &&
 57 | 		tput sgr0 >/dev/null 2>&1
 58 | 	) &&
 59 | 	color=t
 60 | 
 61 | while test "$#" -ne 0; do
 62 | 	case "$1" in
 63 | 	-d|--d|--de|--deb|--debu|--debug)
 64 | 		debug=t; shift ;;
 65 | 	-i|--i|--im|--imm|--imme|--immed|--immedi|--immedia|--immediat|--immediate)
 66 | 		immediate=t; shift ;;
 67 | 	-l|--l|--lo|--lon|--long|--long-|--long-t|--long-te|--long-tes|--long-test|--long-tests)
 68 | 		TEST_LONG=t; export TEST_LONG; shift ;;
 69 | 	--in|--int|--inte|--inter|--intera|--interac|--interact|--interacti|--interactiv|--interactive|--interactive-|--interactive-t|--interactive-te|--interactive-tes|--interactive-test|--interactive-tests):
 70 | 		TEST_INTERACTIVE=t; export TEST_INTERACTIVE; verbose=t; shift ;;
 71 | 	-h|--h|--he|--hel|--help)
 72 | 		help=t; shift ;;
 73 | 	-v|--v|--ve|--ver|--verb|--verbo|--verbos|--verbose)
 74 | 		verbose=t; shift ;;
 75 | 	-q|--q|--qu|--qui|--quie|--quiet)
 76 | 		# Ignore --quiet under a TAP::Harness. Saying how many tests
 77 | 		# passed without the ok/not ok details is always an error.
 78 | 		test -z "$HARNESS_ACTIVE" && quiet=t; shift ;;
 79 | 	--chain-lint)
 80 | 		chain_lint=t; shift ;;
 81 | 	--no-chain-lint)
 82 | 		chain_lint=; shift ;;
 83 | 	--no-color)
 84 | 		color=; shift ;;
 85 | 	--root=*)
 86 | 		root=$(expr "z$1" : 'z[^=]*=\(.*\)')
 87 | 		shift ;;
 88 | 	*)
 89 | 		echo "error: unknown test option '$1'" >&2; exit 1 ;;
 90 | 	esac
 91 | done
 92 | 
 93 | if test -n "$color"; then
 94 | 	# Save the color control sequences now rather than run tput
 95 | 	# each time say_color() is called.  This is done for two
 96 | 	# reasons:
 97 | 	#   * TERM will be changed to dumb
 98 | 	#   * HOME will be changed to a temporary directory and tput
 99 | 	#     might need to read ~/.terminfo from the original HOME
100 | 	#     directory to get the control sequences
101 | 	# Note:  This approach assumes the control sequences don't end
102 | 	# in a newline for any terminal of interest (command
103 | 	# substitutions strip trailing newlines).  Given that most
104 | 	# (all?) terminals in common use are related to ECMA-48, this
105 | 	# shouldn't be a problem.
106 | 	say_color_error=$(tput bold; tput setaf 1) # bold red
107 | 	say_color_skip=$(tput setaf 4) # blue
108 | 	say_color_warn=$(tput setaf 3) # brown/yellow
109 | 	say_color_pass=$(tput setaf 2) # green
110 | 	say_color_info=$(tput setaf 6) # cyan
111 | 	say_color_reset=$(tput sgr0)
112 | 	say_color_="" # no formatting for normal text
113 | 	say_color() {
114 | 		test -z "$1" && test -n "$quiet" && return
115 | 		eval "say_color_color=\$say_color_$1"
116 | 		shift
117 | 		printf "%s\\n" "$say_color_color$*$say_color_reset"
118 | 	}
119 | else
120 | 	say_color() {
121 | 		test -z "$1" && test -n "$quiet" && return
122 | 		shift
123 | 		printf "%s\n" "$*"
124 | 	}
125 | fi
126 | 
127 | TERM=dumb
128 | export TERM
129 | 
130 | error() {
131 | 	say_color error "error: $*"
132 | 	EXIT_OK=t
133 | 	exit 1
134 | }
135 | 
136 | say() {
137 | 	say_color info "$*"
138 | }
139 | 
140 | test -n "$test_description" || error "Test script did not set test_description."
141 | 
142 | if test "$help" = "t"; then
143 | 	echo "$test_description"
144 | 	exit 0
145 | fi
146 | 
147 | exec 5>&1
148 | exec 6<&0
149 | if test "$verbose" = "t"; then
150 | 	exec 4>&2 3>&1
151 | else
152 | 	exec 4>/dev/null 3>/dev/null
153 | fi
154 | 
155 | test_failure=0
156 | test_count=0
157 | test_fixed=0
158 | test_broken=0
159 | test_success=0
160 | 
161 | die() {
162 | 	code=$?
163 | 	if test -n "$EXIT_OK"; then
164 | 		exit $code
165 | 	else
166 | 		echo >&5 "FATAL: Unexpected exit with code $code"
167 | 		exit 1
168 | 	fi
169 | }
170 | 
171 | EXIT_OK=
172 | trap 'die' EXIT
173 | 
174 | # Public: Define that a test prerequisite is available.
175 | #
176 | # The prerequisite can later be checked explicitly using test_have_prereq or
177 | # implicitly by specifying the prerequisite name in calls to test_expect_success
178 | # or test_expect_failure.
179 | #
180 | # $1 - Name of prerequiste (a simple word, in all capital letters by convention)
181 | #
182 | # Examples
183 | #
184 | #   # Set PYTHON prerequisite if interpreter is available.
185 | #   command -v python >/dev/null && test_set_prereq PYTHON
186 | #
187 | #   # Set prerequisite depending on some variable.
188 | #   test -z "$NO_GETTEXT" && test_set_prereq GETTEXT
189 | #
190 | # Returns nothing.
191 | test_set_prereq() {
192 | 	satisfied_prereq="$satisfied_prereq$1 "
193 | }
194 | satisfied_prereq=" "
195 | 
196 | # Public: Check if one or more test prerequisites are defined.
197 | #
198 | # The prerequisites must have previously been set with test_set_prereq.
199 | # The most common use of this is to skip all the tests if some essential
200 | # prerequisite is missing.
201 | #
202 | # $1 - Comma-separated list of test prerequisites.
203 | #
204 | # Examples
205 | #
206 | #   # Skip all remaining tests if prerequisite is not set.
207 | #   if ! test_have_prereq PERL; then
208 | #       skip_all='skipping perl interface tests, perl not available'
209 | #       test_done
210 | #   fi
211 | #
212 | # Returns 0 if all prerequisites are defined or 1 otherwise.
213 | test_have_prereq() {
214 | 	# prerequisites can be concatenated with ','
215 | 	save_IFS=$IFS
216 | 	IFS=,
217 | 	set -- $*
218 | 	IFS=$save_IFS
219 | 
220 | 	total_prereq=0
221 | 	ok_prereq=0
222 | 	missing_prereq=
223 | 
224 | 	for prerequisite; do
225 | 		case "$prerequisite" in
226 | 		!*)
227 | 			negative_prereq=t
228 | 			prerequisite=${prerequisite#!}
229 | 			;;
230 | 		*)
231 | 			negative_prereq=
232 | 		esac
233 | 
234 | 		total_prereq=$(($total_prereq + 1))
235 | 		case "$satisfied_prereq" in
236 | 		*" $prerequisite "*)
237 | 			satisfied_this_prereq=t
238 | 			;;
239 | 		*)
240 | 			satisfied_this_prereq=
241 | 		esac
242 | 
243 | 		case "$satisfied_this_prereq,$negative_prereq" in
244 | 		t,|,t)
245 | 			ok_prereq=$(($ok_prereq + 1))
246 | 			;;
247 | 		*)
248 | 			# Keep a list of missing prerequisites; restore
249 | 			# the negative marker if necessary.
250 | 			prerequisite=${negative_prereq:+!}$prerequisite
251 | 			if test -z "$missing_prereq"; then
252 | 				missing_prereq=$prerequisite
253 | 			else
254 | 				missing_prereq="$prerequisite,$missing_prereq"
255 | 			fi
256 | 		esac
257 | 	done
258 | 
259 | 	test $total_prereq = $ok_prereq
260 | }
261 | 
262 | # You are not expected to call test_ok_ and test_failure_ directly, use
263 | # the text_expect_* functions instead.
264 | 
265 | test_ok_() {
266 | 	test_success=$(($test_success + 1))
267 | 	say_color "" "ok $test_count - $@"
268 | }
269 | 
270 | test_failure_() {
271 | 	test_failure=$(($test_failure + 1))
272 | 	say_color error "not ok $test_count - $1"
273 | 	shift
274 | 	echo "$@" | sed -e 's/^/#	/'
275 | 	test "$immediate" = "" || { EXIT_OK=t; exit 1; }
276 | }
277 | 
278 | test_known_broken_ok_() {
279 | 	test_fixed=$(($test_fixed + 1))
280 | 	say_color error "ok $test_count - $@ # TODO known breakage vanished"
281 | }
282 | 
283 | test_known_broken_failure_() {
284 | 	test_broken=$(($test_broken + 1))
285 | 	say_color warn "not ok $test_count - $@ # TODO known breakage"
286 | }
287 | 
288 | # Public: Execute commands in debug mode.
289 | #
290 | # Takes a single argument and evaluates it only when the test script is started
291 | # with --debug. This is primarily meant for use during the development of test
292 | # scripts.
293 | #
294 | # $1 - Commands to be executed.
295 | #
296 | # Examples
297 | #
298 | #   test_debug "cat some_log_file"
299 | #
300 | # Returns the exit code of the last command executed in debug mode or 0
301 | #   otherwise.
302 | test_debug() {
303 | 	test "$debug" = "" || eval "$1"
304 | }
305 | 
306 | # Public: Stop execution and start a shell.
307 | #
308 | # This is useful for debugging tests and only makes sense together with "-v".
309 | # Be sure to remove all invocations of this command before submitting.
310 | test_pause() {
311 | 	if test "$verbose" = t; then
312 | 		"$SHELL_PATH" <&6 >&3 2>&4
313 | 	else
314 | 		error >&5 "test_pause requires --verbose"
315 | 	fi
316 | }
317 | 
318 | test_eval_() {
319 | 	# This is a separate function because some tests use
320 | 	# "return" to end a test_expect_success block early.
321 | 	case ",$test_prereq," in
322 | 	*,INTERACTIVE,*)
323 | 		eval "$*"
324 | 		;;
325 | 	*)
326 | 		eval </dev/null >&3 2>&4 "$*"
327 | 		;;
328 | 	esac
329 | }
330 | 
331 | test_run_() {
332 | 	test_cleanup=:
333 | 	expecting_failure=$2
334 | 	test_eval_ "$1"
335 | 	eval_ret=$?
336 | 
337 | 	if test "$chain_lint" = "t"; then
338 | 		test_eval_ "(exit 117) && $1"
339 | 		if test "$?" != 117; then
340 | 			error "bug in the test script: broken &&-chain: $1"
341 | 		fi
342 | 	fi
343 | 
344 | 	if test -z "$immediate" || test $eval_ret = 0 || test -n "$expecting_failure"; then
345 | 		test_eval_ "$test_cleanup"
346 | 	fi
347 | 	if test "$verbose" = "t" && test -n "$HARNESS_ACTIVE"; then
348 | 		echo ""
349 | 	fi
350 | 	return "$eval_ret"
351 | }
352 | 
353 | test_skip_() {
354 | 	test_count=$(($test_count + 1))
355 | 	to_skip=
356 | 	for skp in $SKIP_TESTS; do
357 | 		case $this_test.$test_count in
358 | 		$skp)
359 | 			to_skip=t
360 | 			break
361 | 		esac
362 | 	done
363 | 	if test -z "$to_skip" && test -n "$test_prereq" && ! test_have_prereq "$test_prereq"; then
364 | 		to_skip=t
365 | 	fi
366 | 	case "$to_skip" in
367 | 	t)
368 | 		of_prereq=
369 | 		if test "$missing_prereq" != "$test_prereq"; then
370 | 			of_prereq=" of $test_prereq"
371 | 		fi
372 | 
373 | 		say_color skip >&3 "skipping test: $@"
374 | 		say_color skip "ok $test_count # skip $1 (missing $missing_prereq${of_prereq})"
375 | 		: true
376 | 		;;
377 | 	*)
378 | 		false
379 | 		;;
380 | 	esac
381 | }
382 | 
383 | # Public: Run test commands and expect them to succeed.
384 | #
385 | # When the test passed, an "ok" message is printed and the number of successful
386 | # tests is incremented. When it failed, a "not ok" message is printed and the
387 | # number of failed tests is incremented.
388 | #
389 | # With --immediate, exit test immediately upon the first failed test.
390 | #
391 | # Usually takes two arguments:
392 | # $1 - Test description
393 | # $2 - Commands to be executed.
394 | #
395 | # With three arguments, the first will be taken to be a prerequisite:
396 | # $1 - Comma-separated list of test prerequisites. The test will be skipped if
397 | #      not all of the given prerequisites are set. To negate a prerequisite,
398 | #      put a "!" in front of it.
399 | # $2 - Test description
400 | # $3 - Commands to be executed.
401 | #
402 | # Examples
403 | #
404 | #   test_expect_success \
405 | #       'git-write-tree should be able to write an empty tree.' \
406 | #       'tree=$(git-write-tree)'
407 | #
408 | #   # Test depending on one prerequisite.
409 | #   test_expect_success TTY 'git --paginate rev-list uses a pager' \
410 | #       ' ... '
411 | #
412 | #   # Multiple prerequisites are separated by a comma.
413 | #   test_expect_success PERL,PYTHON 'yo dawg' \
414 | #       ' test $(perl -E 'print eval "1 +" . qx[python -c "print 2"]') == "4" '
415 | #
416 | # Returns nothing.
417 | test_expect_success() {
418 | 	test "$#" = 3 && { test_prereq=$1; shift; } || test_prereq=
419 | 	test "$#" = 2 || error "bug in the test script: not 2 or 3 parameters to test_expect_success"
420 | 	export test_prereq
421 | 	if ! test_skip_ "$@"; then
422 | 		say >&3 "expecting success: $2"
423 | 		if test_run_ "$2"; then
424 | 			test_ok_ "$1"
425 | 		else
426 | 			test_failure_ "$@"
427 | 		fi
428 | 	fi
429 | 	echo >&3 ""
430 | }
431 | 
432 | # Public: Run test commands and expect them to fail. Used to demonstrate a known
433 | # breakage.
434 | #
435 | # This is NOT the opposite of test_expect_success, but rather used to mark a
436 | # test that demonstrates a known breakage.
437 | #
438 | # When the test passed, an "ok" message is printed and the number of fixed tests
439 | # is incremented. When it failed, a "not ok" message is printed and the number
440 | # of tests still broken is incremented.
441 | #
442 | # Failures from these tests won't cause --immediate to stop.
443 | #
444 | # Usually takes two arguments:
445 | # $1 - Test description
446 | # $2 - Commands to be executed.
447 | #
448 | # With three arguments, the first will be taken to be a prerequisite:
449 | # $1 - Comma-separated list of test prerequisites. The test will be skipped if
450 | #      not all of the given prerequisites are set. To negate a prerequisite,
451 | #      put a "!" in front of it.
452 | # $2 - Test description
453 | # $3 - Commands to be executed.
454 | #
455 | # Returns nothing.
456 | test_expect_failure() {
457 | 	test "$#" = 3 && { test_prereq=$1; shift; } || test_prereq=
458 | 	test "$#" = 2 || error "bug in the test script: not 2 or 3 parameters to test_expect_failure"
459 | 	export test_prereq
460 | 	if ! test_skip_ "$@"; then
461 | 		say >&3 "checking known breakage: $2"
462 | 		if test_run_ "$2" expecting_failure; then
463 | 			test_known_broken_ok_ "$1"
464 | 		else
465 | 			test_known_broken_failure_ "$1"
466 | 		fi
467 | 	fi
468 | 	echo >&3 ""
469 | }
470 | 
471 | # Public: Run command and ensure that it fails in a controlled way.
472 | #
473 | # Use it instead of "! <command>". For example, when <command> dies due to a
474 | # segfault, test_must_fail diagnoses it as an error, while "! <command>" would
475 | # mistakenly be treated as just another expected failure.
476 | #
477 | # This is one of the prefix functions to be used inside test_expect_success or
478 | # test_expect_failure.
479 | #
480 | # $1.. - Command to be executed.
481 | #
482 | # Examples
483 | #
484 | #   test_expect_success 'complain and die' '
485 | #       do something &&
486 | #       do something else &&
487 | #       test_must_fail git checkout ../outerspace
488 | #   '
489 | #
490 | # Returns 1 if the command succeeded (exit code 0).
491 | # Returns 1 if the command died by signal (exit codes 130-192)
492 | # Returns 1 if the command could not be found (exit code 127).
493 | # Returns 0 otherwise.
494 | test_must_fail() {
495 | 	"$@"
496 | 	exit_code=$?
497 | 	if test $exit_code = 0; then
498 | 		echo >&2 "test_must_fail: command succeeded: $*"
499 | 		return 1
500 | 	elif test $exit_code -gt 129 -a $exit_code -le 192; then
501 | 		echo >&2 "test_must_fail: died by signal: $*"
502 | 		return 1
503 | 	elif test $exit_code = 127; then
504 | 		echo >&2 "test_must_fail: command not found: $*"
505 | 		return 1
506 | 	fi
507 | 	return 0
508 | }
509 | 
510 | # Public: Run command and ensure that it succeeds or fails in a controlled way.
511 | #
512 | # Similar to test_must_fail, but tolerates success too. Use it instead of
513 | # "<command> || :" to catch failures caused by a segfault, for instance.
514 | #
515 | # This is one of the prefix functions to be used inside test_expect_success or
516 | # test_expect_failure.
517 | #
518 | # $1.. - Command to be executed.
519 | #
520 | # Examples
521 | #
522 | #   test_expect_success 'some command works without configuration' '
523 | #       test_might_fail git config --unset all.configuration &&
524 | #       do something
525 | #   '
526 | #
527 | # Returns 1 if the command died by signal (exit codes 130-192)
528 | # Returns 1 if the command could not be found (exit code 127).
529 | # Returns 0 otherwise.
530 | test_might_fail() {
531 | 	"$@"
532 | 	exit_code=$?
533 | 	if test $exit_code -gt 129 -a $exit_code -le 192; then
534 | 		echo >&2 "test_might_fail: died by signal: $*"
535 | 		return 1
536 | 	elif test $exit_code = 127; then
537 | 		echo >&2 "test_might_fail: command not found: $*"
538 | 		return 1
539 | 	fi
540 | 	return 0
541 | }
542 | 
543 | # Public: Run command and ensure it exits with a given exit code.
544 | #
545 | # This is one of the prefix functions to be used inside test_expect_success or
546 | # test_expect_failure.
547 | #
548 | # $1   - Expected exit code.
549 | # $2.. - Command to be executed.
550 | #
551 | # Examples
552 | #
553 | #   test_expect_success 'Merge with d/f conflicts' '
554 | #       test_expect_code 1 git merge "merge msg" B master
555 | #   '
556 | #
557 | # Returns 0 if the expected exit code is returned or 1 otherwise.
558 | test_expect_code() {
559 | 	want_code=$1
560 | 	shift
561 | 	"$@"
562 | 	exit_code=$?
563 | 	if test $exit_code = $want_code; then
564 | 		return 0
565 | 	fi
566 | 
567 | 	echo >&2 "test_expect_code: command exited with $exit_code, we wanted $want_code $*"
568 | 	return 1
569 | }
570 | 
571 | # Public: Compare two files to see if expected output matches actual output.
572 | #
573 | # The TEST_CMP variable defines the command used for the comparision; it
574 | # defaults to "diff -u". Only when the test script was started with --verbose,
575 | # will the command's output, the diff, be printed to the standard output.
576 | #
577 | # This is one of the prefix functions to be used inside test_expect_success or
578 | # test_expect_failure.
579 | #
580 | # $1 - Path to file with expected output.
581 | # $2 - Path to file with actual output.
582 | #
583 | # Examples
584 | #
585 | #   test_expect_success 'foo works' '
586 | #       echo expected >expected &&
587 | #       foo >actual &&
588 | #       test_cmp expected actual
589 | #   '
590 | #
591 | # Returns the exit code of the command set by TEST_CMP.
592 | test_cmp() {
593 | 	${TEST_CMP:-diff -u} "$@"
594 | }
595 | 
596 | # Public: portably print a sequence of numbers.
597 | #
598 | # seq is not in POSIX and GNU seq might not be available everywhere,
599 | # so it is nice to have a seq implementation, even a very simple one.
600 | #
601 | # $1 - Starting number.
602 | # $2 - Ending number.
603 | #
604 | # Examples
605 | #
606 | #   test_expect_success 'foo works 10 times' '
607 | #       for i in $(test_seq 1 10)
608 | #       do
609 | #           foo || return
610 | #       done
611 | #   '
612 | #
613 | # Returns 0 if all the specified numbers can be displayed.
614 | test_seq() {
615 | 	i="$1"
616 | 	j="$2"
617 | 	while test "$i" -le "$j"
618 | 	do
619 | 		echo "$i" || return
620 | 		i=$(expr "$i" + 1)
621 | 	done
622 | }
623 | 
624 | # Public: Check if the file expected to be empty is indeed empty, and barfs
625 | # otherwise.
626 | #
627 | # $1 - File to check for emptyness.
628 | #
629 | # Returns 0 if file is empty, 1 otherwise.
630 | test_must_be_empty() {
631 | 	if test -s "$1"
632 | 	then
633 | 		echo "'$1' is not empty, it contains:"
634 | 		cat "$1"
635 | 		return 1
636 | 	fi
637 | }
638 | 
639 | # Public: Schedule cleanup commands to be run unconditionally at the end of a
640 | # test.
641 | #
642 | # If some cleanup command fails, the test will not pass. With --immediate, no
643 | # cleanup is done to help diagnose what went wrong.
644 | #
645 | # This is one of the prefix functions to be used inside test_expect_success or
646 | # test_expect_failure.
647 | #
648 | # $1.. - Commands to prepend to the list of cleanup commands.
649 | #
650 | # Examples
651 | #
652 | #   test_expect_success 'test core.capslock' '
653 | #       git config core.capslock true &&
654 | #       test_when_finished "git config --unset core.capslock" &&
655 | #       do_something
656 | #   '
657 | #
658 | # Returns the exit code of the last cleanup command executed.
659 | test_when_finished() {
660 | 	test_cleanup="{ $*
661 | 		} && (exit \"\$eval_ret\"); eval_ret=\$?; $test_cleanup"
662 | }
663 | 
664 | # Public: Schedule cleanup commands to be run unconditionally when all tests
665 | # have run.
666 | #
667 | # This can be used to clean up things like test databases. It is not needed to
668 | # clean up temporary files, as test_done already does that.
669 | #
670 | # Examples:
671 | #
672 | #   cleanup mysql -e "DROP DATABASE mytest"
673 | #
674 | # Returns the exit code of the last cleanup command executed.
675 | final_cleanup=
676 | cleanup() {
677 | 	final_cleanup="{ $*
678 | 		} && (exit \"\$eval_ret\"); eval_ret=\$?; $final_cleanup"
679 | }
680 | 
681 | # Public: Summarize test results and exit with an appropriate error code.
682 | #
683 | # Must be called at the end of each test script.
684 | #
685 | # Can also be used to stop tests early and skip all remaining tests. For this,
686 | # set skip_all to a string explaining why the tests were skipped before calling
687 | # test_done.
688 | #
689 | # Examples
690 | #
691 | #   # Each test script must call test_done at the end.
692 | #   test_done
693 | #
694 | #   # Skip all remaining tests if prerequisite is not set.
695 | #   if ! test_have_prereq PERL; then
696 | #       skip_all='skipping perl interface tests, perl not available'
697 | #       test_done
698 | #   fi
699 | #
700 | # Returns 0 if all tests passed or 1 if there was a failure.
701 | test_done() {
702 | 	EXIT_OK=t
703 | 
704 | 	if test -z "$HARNESS_ACTIVE"; then
705 | 		test_results_dir="$SHARNESS_TEST_DIRECTORY/test-results"
706 | 		mkdir -p "$test_results_dir"
707 | 		test_results_path="$test_results_dir/$this_test.$$.counts"
708 | 
709 | 		cat >>"$test_results_path" <<-EOF
710 | 		total $test_count
711 | 		success $test_success
712 | 		fixed $test_fixed
713 | 		broken $test_broken
714 | 		failed $test_failure
715 | 
716 | 		EOF
717 | 	fi
718 | 
719 | 	if test "$test_fixed" != 0; then
720 | 		say_color error "# $test_fixed known breakage(s) vanished; please update test(s)"
721 | 	fi
722 | 	if test "$test_broken" != 0; then
723 | 		say_color warn "# still have $test_broken known breakage(s)"
724 | 	fi
725 | 	if test "$test_broken" != 0 || test "$test_fixed" != 0; then
726 | 		test_remaining=$(( $test_count - $test_broken - $test_fixed ))
727 | 		msg="remaining $test_remaining test(s)"
728 | 	else
729 | 		test_remaining=$test_count
730 | 		msg="$test_count test(s)"
731 | 	fi
732 | 
733 | 	case "$test_failure" in
734 | 	0)
735 | 		# Maybe print SKIP message
736 | 		if test -n "$skip_all" && test $test_count -gt 0; then
737 | 			error "Can't use skip_all after running some tests"
738 | 		fi
739 | 		[ -z "$skip_all" ] || skip_all=" # SKIP $skip_all"
740 | 
741 | 		if test $test_remaining -gt 0; then
742 | 			say_color pass "# passed all $msg"
743 | 		fi
744 | 		say "1..$test_count$skip_all"
745 | 
746 | 		test_eval_ "$final_cleanup"
747 | 
748 | 		test -d "$remove_trash" &&
749 | 		cd "$(dirname "$remove_trash")" &&
750 | 		rm -rf "$(basename "$remove_trash")"
751 | 
752 | 		exit 0 ;;
753 | 
754 | 	*)
755 | 		say_color error "# failed $test_failure among $msg"
756 | 		say "1..$test_count"
757 | 
758 | 		exit 1 ;;
759 | 
760 | 	esac
761 | }
762 | 
763 | # Public: Root directory containing tests. Tests can override this variable,
764 | # e.g. for testing Sharness itself.
765 | : ${SHARNESS_TEST_DIRECTORY:=$(pwd)}
766 | export SHARNESS_TEST_DIRECTORY
767 | 
768 | # Public: Source directory of test code and sharness library.
769 | # This directory may be different from the directory in which tests are
770 | # being run.
771 | : ${SHARNESS_TEST_SRCDIR:=$(cd $(dirname $0) && pwd)}
772 | export SHARNESS_TEST_SRCDIR
773 | 
774 | # Public: Build directory that will be added to PATH. By default, it is set to
775 | # the parent directory of SHARNESS_TEST_DIRECTORY.
776 | : ${SHARNESS_BUILD_DIRECTORY:="$SHARNESS_TEST_DIRECTORY/.."}
777 | PATH="$SHARNESS_BUILD_DIRECTORY:$PATH"
778 | export PATH SHARNESS_BUILD_DIRECTORY
779 | 
780 | # Public: Path to test script currently executed.
781 | SHARNESS_TEST_FILE="$0"
782 | export SHARNESS_TEST_FILE
783 | 
784 | # Prepare test area.
785 | SHARNESS_TRASH_DIRECTORY="trash directory.$(basename "$SHARNESS_TEST_FILE" ".$SHARNESS_TEST_EXTENSION")"
786 | test -n "$root" && SHARNESS_TRASH_DIRECTORY="$root/$SHARNESS_TRASH_DIRECTORY"
787 | case "$SHARNESS_TRASH_DIRECTORY" in
788 | /*) ;; # absolute path is good
789 |  *) SHARNESS_TRASH_DIRECTORY="$SHARNESS_TEST_DIRECTORY/$SHARNESS_TRASH_DIRECTORY" ;;
790 | esac
791 | test "$debug" = "t" || remove_trash="$SHARNESS_TRASH_DIRECTORY"
792 | rm -rf "$SHARNESS_TRASH_DIRECTORY" || {
793 | 	EXIT_OK=t
794 | 	echo >&5 "FATAL: Cannot prepare test area"
795 | 	exit 1
796 | }
797 | 
798 | 
799 | #
800 | #  Load any extensions in $srcdir/sharness.d/*.sh
801 | #
802 | if test -d "${SHARNESS_TEST_SRCDIR}/sharness.d"
803 | then
804 | 	for file in "${SHARNESS_TEST_SRCDIR}"/sharness.d/*.sh
805 | 	do
806 | 		# Ensure glob was not an empty match:
807 | 		test -e "${file}" || break
808 | 
809 | 		if test -n "$debug"
810 | 		then
811 | 			echo >&5 "sharness: loading extensions from ${file}"
812 | 		fi
813 | 		. "${file}"
814 | 		if test $? != 0
815 | 		then
816 | 			echo >&5 "sharness: Error loading ${file}. Aborting."
817 | 			exit 1
818 | 		fi
819 | 	done
820 | fi
821 | 
822 | # Public: Empty trash directory, the test area, provided for each test. The HOME
823 | # variable is set to that directory too.
824 | export SHARNESS_TRASH_DIRECTORY
825 | 
826 | HOME="$SHARNESS_TRASH_DIRECTORY"
827 | export HOME
828 | 
829 | mkdir -p "$SHARNESS_TRASH_DIRECTORY" || exit 1
830 | # Use -P to resolve symlinks in our working directory so that the cwd
831 | # in subprocesses like git equals our $PWD (for pathname comparisons).
832 | cd -P "$SHARNESS_TRASH_DIRECTORY" || exit 1
833 | 
834 | this_test=${SHARNESS_TEST_FILE##*/}
835 | this_test=${this_test%.$SHARNESS_TEST_EXTENSION}
836 | for skp in $SKIP_TESTS; do
837 | 	case "$this_test" in
838 | 	$skp)
839 | 		say_color info >&3 "skipping test $this_test altogether"
840 | 		skip_all="skip all tests in $this_test"
841 | 		test_done
842 | 	esac
843 | done
844 | 
845 | test -n "$TEST_LONG" && test_set_prereq EXPENSIVE
846 | test -n "$TEST_INTERACTIVE" && test_set_prereq INTERACTIVE
847 | 
848 | # Make sure this script ends with code 0
849 | :
850 | 
851 | # vi: set ts=4 sw=4 noet :
852 | 


--------------------------------------------------------------------------------
/test/simple.t:
--------------------------------------------------------------------------------
  1 | #!/bin/sh
  2 | 
  3 | test_description="Simple test of a logging setup"
  4 | 
  5 | context=${context:-minikube}
  6 | debug=${debug:-false}
  7 | clear_namespaces=${clear_namespaces:-false}
  8 | 
  9 | function log_debug {
 10 |   $debug && echo "DEBUG $1" 1>&2
 11 | }
 12 | 
 13 | function clear_namespaces {
 14 |   for namespace in $(kubectl --context "$context" get namespaces --output json | jq -r '.items[] | .metadata.name'); do
 15 |     kubectl --context "$context" delete namespace $namespace
 16 |   done
 17 | 
 18 |   while $(kubectl --context "$context" get namespace logging > /dev/null); do
 19 |     echo -n "."
 20 |     sleep 0.5
 21 |   done
 22 | }
 23 | 
 24 | function apply_manifests {
 25 |   kubectl --context "$context" apply --filename ../manifests
 26 |   kubectl --context "$context" apply --filename ../manifests/kibana
 27 |   kubectl --context "$context" apply --filename ../manifests/fluent-bit
 28 |   kubectl --context "$context" apply --filename ../manifests/fluentd
 29 |   kubectl --context "$context" apply --filename ../manifests/filebeat
 30 | }
 31 | 
 32 | # FIXME! wait for api-server
 33 | # check for healthy cluster
 34 | # kubectl --context "$context" cluster-info
 35 | 
 36 | # maybe only delete "logging" namespace?
 37 | $clear_namespaces && clear_namespaces
 38 | apply_manifests
 39 | 
 40 | 
 41 | elasticsearch_node_ip=$(kubectl --context "$context" --namespace logging \
 42 |   get pods --output json \
 43 |     | jq -r '.items[] | select(.metadata.labels.component=="elasticsearch")
 44 |       | .status.hostIP')
 45 | 
 46 | elasticsearch_nodeport=$(kubectl --context "$context" --namespace logging \
 47 |   get service elasticsearch --output json \
 48 |     | jq '.spec.ports[0].nodePort')
 49 | 
 50 | 
 51 | # wait for elasticsearch
 52 | echo "wait for elasticsearch to be ready"
 53 | $debug && echo "$elasticsearch_node_ip:$elasticsearch_nodeport" 1>&2
 54 | while true; do
 55 | 
 56 |   es_response=$(curl --request GET --max-time 1 -s "$elasticsearch_node_ip:$elasticsearch_nodeport")
 57 |   $debug && echo "$es_response" 1>&2
 58 |   tagline=$(echo "$es_response" | jq -r '.tagline')
 59 |   if test "You Know, for Search" = "$tagline"; then
 60 |     break
 61 |   fi
 62 |   printf "."
 63 |   sleep 0.5
 64 | done
 65 | 
 66 | 
 67 | echo "testing now"
 68 | . ./sharness.sh
 69 | 
 70 | # FIXME wait a bit for log lines?
 71 | # better: create pod that outputs 1k log lines
 72 | 
 73 | test_expect_success "Index for fluent-bit exists" "
 74 |     test 1 = $(curl --request GET -sS $elasticsearch_node_ip:$elasticsearch_nodeport/fluent-bit-* \
 75 |       | jq '. | length')
 76 | "
 77 | 
 78 | test_expect_success "Index for fluentd exists" "
 79 |     test 1 = $(curl --request GET -sS $elasticsearch_node_ip:$elasticsearch_nodeport/fluentd-* \
 80 |       | jq '. | length')
 81 | "
 82 | test_expect_success "Index for filebeat exists" "
 83 |     test 1 = $(curl --request GET -sS $elasticsearch_node_ip:$elasticsearch_nodeport/filebeat-* \
 84 |       | jq '. | length')
 85 | "
 86 | 
 87 | test_expect_success "At least one log-line in fluent-bit" "
 88 |     test 0 -lt $(curl --request GET -sS $elasticsearch_node_ip:$elasticsearch_nodeport/fluent-bit-*/_search | jq '.hits.total')
 89 | "
 90 | 
 91 | test_expect_success "At least one log-line in fluentd" "
 92 |     test 0 -lt $(curl --request GET -sS $elasticsearch_node_ip:$elasticsearch_nodeport/fluentd-*/_search | jq '.hits.total')
 93 | "
 94 | 
 95 | test_expect_success "At least one log-line in filebeat" "
 96 |     test 0 -lt $(curl --request GET -sS $elasticsearch_node_ip:$elasticsearch_nodeport/filebeat-*/_search | jq '.hits.total')
 97 | "
 98 | 
 99 | test_expect_success "More then 1000 log-lines in fluent-bit" "
100 |     test 1000 -lt $(curl --request GET -sS $elasticsearch_node_ip:$elasticsearch_nodeport/fluent-bit-*/_search | jq '.hits.total')
101 | "
102 | 
103 | test_expect_success "More then 1000 log-lines in fluentd" "
104 |     test 1000 -lt $(curl --request GET -sS $elasticsearch_node_ip:$elasticsearch_nodeport/fluentd-*/_search | jq '.hits.total')
105 | "
106 | 
107 | test_expect_success "More then 1000 log-lines in filebeat" "
108 |     test 1000 -lt $(curl --request GET -sS $elasticsearch_node_ip:$elasticsearch_nodeport/filebeat-*/_search | jq '.hits.total')
109 | "
110 | 
111 | # FIXME test if Kibana is up and can connect to Elasticsearch (hint: version mismatch)
112 | 
113 | test_done
114 | 


--------------------------------------------------------------------------------