├── .gitignore ├── README.md ├── kibana ├── .helmignore ├── Chart.yaml ├── templates │ ├── configmap.yaml │ ├── _helpers.tpl │ ├── service.yaml │ ├── ingress.yaml │ └── deployment.yaml └── values.yaml ├── filebeat ├── .helmignore ├── templates │ ├── NOTES.txt │ ├── clusterrole.yaml │ ├── serviceaccount.yaml │ ├── clusterrolebinding.yaml │ ├── _helpers.tpl │ ├── configmap.yaml │ ├── deployment.yaml │ └── daemonset.yaml ├── Chart.yaml └── values.yaml ├── logstash ├── .helmignore ├── templates │ ├── NOTES.txt │ ├── configmap-config.yaml │ ├── configmap-pattern.yaml │ ├── configmap-pipeline.yaml │ ├── podsecuritypolicy.yaml │ ├── poddisruptionbudget.yaml │ ├── service-headless.yaml │ ├── _helpers.tpl │ ├── role.yaml │ ├── rolebinding.yaml │ ├── secret.yaml │ ├── serviceaccount.yaml │ ├── service.yaml │ ├── ingress.yaml │ └── statefulset.yaml ├── Chart.yaml └── values.yaml └── elasticsearch ├── .helmignore ├── templates ├── NOTES.txt ├── poddisruptionbudget.yaml ├── configmap.yaml ├── podsecuritypolicy.yaml ├── serviceaccount.yaml ├── role.yaml ├── rolebinding.yaml ├── test │ └── test-elasticsearch-health.yaml ├── ingress.yaml ├── _helpers.tpl ├── networkpolicy.yaml ├── service.yaml └── statefulset.yaml ├── Chart.yaml └── values.yaml /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # elk-filebeat 2 | -------------------------------------------------------------------------------- /kibana/.helmignore: -------------------------------------------------------------------------------- 1 | tests/ 2 | .pytest_cache/ 3 | -------------------------------------------------------------------------------- /filebeat/.helmignore: -------------------------------------------------------------------------------- 1 | tests/ 2 | .pytest_cache/ 3 | 
-------------------------------------------------------------------------------- /logstash/.helmignore: -------------------------------------------------------------------------------- 1 | tests/ 2 | .pytest_cache/ 3 | -------------------------------------------------------------------------------- /elasticsearch/.helmignore: -------------------------------------------------------------------------------- 1 | tests/ 2 | .pytest_cache/ 3 | -------------------------------------------------------------------------------- /filebeat/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Watch all containers come up. 2 | $ kubectl get pods --namespace={{ .Release.Namespace }} -l app={{ template "filebeat.fullname" . }} -w 3 | -------------------------------------------------------------------------------- /logstash/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Watch all cluster members come up. 2 | $ kubectl get pods --namespace={{ .Release.Namespace }} -l app={{ template "logstash.fullname" . }} -w 3 | -------------------------------------------------------------------------------- /elasticsearch/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Watch all cluster members come up. 2 | $ kubectl get pods --namespace={{ .Release.Namespace }} -l app={{ template "elasticsearch.uname" . }} -w 3 | {{- if .Values.tests.enabled -}} 4 | 2. Test cluster health using Helm test. 
5 | $ helm --namespace={{ .Release.Namespace }} test {{ .Release.Name }} 6 | {{- end -}} 7 | -------------------------------------------------------------------------------- /kibana/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: 7.15.0 3 | description: Official Elastic helm chart for Kibana 4 | home: https://github.com/elastic/helm-charts 5 | icon: https://helm.elastic.co/icons/kibana.png 6 | maintainers: 7 | - email: helm-charts@elastic.co 8 | name: Elastic 9 | name: kibana 10 | sources: 11 | - https://github.com/elastic/kibana 12 | version: 7.15.0 13 | -------------------------------------------------------------------------------- /filebeat/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: 7.15.0 3 | description: Official Elastic helm chart for Filebeat 4 | home: https://github.com/elastic/helm-charts 5 | icon: https://helm.elastic.co/icons/beats.png 6 | maintainers: 7 | - email: helm-charts@elastic.co 8 | name: Elastic 9 | name: filebeat 10 | sources: 11 | - https://github.com/elastic/beats 12 | version: 7.15.0 13 | -------------------------------------------------------------------------------- /logstash/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: 7.15.0 3 | description: Official Elastic helm chart for Logstash 4 | home: https://github.com/elastic/helm-charts 5 | icon: https://helm.elastic.co/icons/logstash.png 6 | maintainers: 7 | - email: helm-charts@elastic.co 8 | name: Elastic 9 | name: logstash 10 | sources: 11 | - https://github.com/elastic/logstash 12 | version: 7.15.0 13 | -------------------------------------------------------------------------------- /elasticsearch/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | {{- if 
.Values.maxUnavailable }} 3 | apiVersion: policy/v1beta1 4 | kind: PodDisruptionBudget 5 | metadata: 6 | name: "{{ template "elasticsearch.uname" . }}-pdb" 7 | spec: 8 | maxUnavailable: {{ .Values.maxUnavailable }} 9 | selector: 10 | matchLabels: 11 | app: "{{ template "elasticsearch.uname" . }}" 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /kibana/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- /* Renders every entry of .Values.kibanaConfig as one key of the <fullname>-config ConfigMap. Each value goes through tpl with the root context ($), i.e. it is evaluated as a Helm template at render time, so a values file for this chart has to be reviewed like template code. The result is stored as plain ConfigMap data; NOTE(review): keep credentials out of kibanaConfig and confirm how they are supplied instead. */ -}}{{- if .Values.kibanaConfig }} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: {{ template "kibana.fullname" . }}-config 7 | labels: {{ include "kibana.labels" . | nindent 4 }} 8 | data: 9 | {{- range $path, $config := .Values.kibanaConfig }} 10 | {{ $path }}: | 11 | {{ tpl $config $ | indent 4 -}} 12 | {{- end -}} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /elasticsearch/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: 7.15.0 3 | description: Official Elastic helm chart for Elasticsearch 4 | home: https://github.com/elastic/helm-charts 5 | icon: https://helm.elastic.co/icons/elasticsearch.png 6 | maintainers: 7 | - email: helm-charts@elastic.co 8 | name: Elastic 9 | name: elasticsearch 10 | sources: 11 | - https://github.com/elastic/elasticsearch 12 | version: 7.15.0 13 | -------------------------------------------------------------------------------- /filebeat/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- /* Rendered only when managedServiceAccount is set. The rule list is taken verbatim from .Values.clusterRoleRules, and because this is a ClusterRole bound by clusterrolebinding.yaml, every rule applies in all namespaces for the Filebeat service account. Treat a change to clusterRoleRules as a cluster-wide privilege change. */ -}}{{- if .Values.managedServiceAccount }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: {{ template "filebeat.serviceAccount" . }}-cluster-role 6 | labels: 7 | app: "{{ template "filebeat.fullname" .
}}" 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | heritage: {{ .Release.Service | quote }} 10 | release: {{ .Release.Name | quote }} 11 | rules: {{ toYaml .Values.clusterRoleRules | nindent 2 -}} 12 | {{- end -}} 13 | -------------------------------------------------------------------------------- /elasticsearch/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.esConfig }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "elasticsearch.uname" . }}-config 6 | labels: 7 | heritage: {{ .Release.Service | quote }} 8 | release: {{ .Release.Name | quote }} 9 | chart: "{{ .Chart.Name }}" 10 | app: "{{ template "elasticsearch.uname" . }}" 11 | data: 12 | {{- range $path, $config := .Values.esConfig }} 13 | {{ $path }}: | 14 | {{ $config | indent 4 -}} 15 | {{- end -}} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /logstash/templates/configmap-config.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.logstashConfig }} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: {{ template "logstash.fullname" . }}-config 7 | labels: 8 | app: "{{ template "logstash.fullname" . }}" 9 | chart: "{{ .Chart.Name }}" 10 | heritage: {{ .Release.Service | quote }} 11 | release: {{ .Release.Name | quote }} 12 | data: 13 | {{- range $path, $config := .Values.logstashConfig }} 14 | {{ $path }}: | 15 | {{ tpl $config $ | indent 4 -}} 16 | {{- end -}} 17 | {{- end -}} 18 | -------------------------------------------------------------------------------- /logstash/templates/configmap-pattern.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.logstashPattern }} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: {{ template "logstash.fullname" . 
}}-pattern 7 | labels: 8 | app: "{{ template "logstash.fullname" . }}" 9 | chart: "{{ .Chart.Name }}" 10 | heritage: {{ .Release.Service | quote }} 11 | release: {{ .Release.Name | quote }} 12 | data: 13 | {{- range $path, $config := .Values.logstashPattern }} 14 | {{ $path }}: | 15 | {{ tpl $config $ | indent 4 -}} 16 | {{- end -}} 17 | {{- end -}} 18 | -------------------------------------------------------------------------------- /filebeat/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.managedServiceAccount }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "filebeat.serviceAccount" . }} 6 | annotations: 7 | {{- with .Values.serviceAccountAnnotations }} 8 | {{- toYaml . | nindent 4 }} 9 | {{- end }} 10 | labels: 11 | app: "{{ template "filebeat.fullname" . }}" 12 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 13 | heritage: {{ .Release.Service | quote }} 14 | release: {{ .Release.Name | quote }} 15 | {{- end -}} 16 | -------------------------------------------------------------------------------- /logstash/templates/configmap-pipeline.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.logstashPipeline }} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: {{ template "logstash.fullname" . }}-pipeline 7 | labels: 8 | app: "{{ template "logstash.fullname" . 
}}" 9 | chart: "{{ .Chart.Name }}" 10 | heritage: {{ .Release.Service | quote }} 11 | release: {{ .Release.Name | quote }} 12 | data: 13 | {{- range $path, $config := .Values.logstashPipeline }} 14 | {{ $path }}: | 15 | {{ tpl $config $ | indent 4 -}} 16 | {{- end -}} 17 | {{- end -}} 18 | -------------------------------------------------------------------------------- /logstash/templates/podsecuritypolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- /* Creates a PodSecurityPolicy whose whole spec is copied from .Values.podSecurityPolicy.spec; the name defaults to the chart fullname. PodSecurityPolicy was removed in Kubernetes 1.25, so on such clusters this object cannot be created and none of the restrictions in that spec are enforced through it. NOTE(review): if the chart has to run on 1.25 or later, confirm that Pod Security Admission labels or an admission policy cover the same restrictions. */ -}}{{- if .Values.podSecurityPolicy.create -}} 2 | {{- $fullName := include "logstash.fullname" . -}} 3 | apiVersion: policy/v1beta1 4 | kind: PodSecurityPolicy 5 | metadata: 6 | name: {{ default $fullName .Values.podSecurityPolicy.name | quote }} 7 | labels: 8 | app: "{{ template "logstash.fullname" . }}" 9 | chart: "{{ .Chart.Name }}" 10 | heritage: {{ .Release.Service | quote }} 11 | release: {{ .Release.Name | quote }} 12 | spec: 13 | {{ toYaml .Values.podSecurityPolicy.spec | indent 2 }} 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /logstash/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | {{- if .Values.maxUnavailable }} 3 | apiVersion: policy/v1beta1 4 | kind: PodDisruptionBudget 5 | metadata: 6 | name: "{{ template "logstash.fullname" . }}-pdb" 7 | labels: 8 | app: "{{ template "logstash.fullname" . }}" 9 | chart: "{{ .Chart.Name }}" 10 | heritage: {{ .Release.Service | quote }} 11 | release: {{ .Release.Name | quote }} 12 | spec: 13 | maxUnavailable: {{ .Values.maxUnavailable }} 14 | selector: 15 | matchLabels: 16 | app: "{{ template "logstash.fullname" .
}}" 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /elasticsearch/templates/podsecuritypolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podSecurityPolicy.create -}} 2 | {{- $fullName := include "elasticsearch.uname" . -}} 3 | apiVersion: policy/v1beta1 4 | kind: PodSecurityPolicy 5 | metadata: 6 | name: {{ default $fullName .Values.podSecurityPolicy.name | quote }} 7 | labels: 8 | heritage: {{ .Release.Service | quote }} 9 | release: {{ .Release.Name | quote }} 10 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 11 | app: {{ $fullName | quote }} 12 | spec: 13 | {{ toYaml .Values.podSecurityPolicy.spec | indent 2 }} 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /logstash/templates/service-headless.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Service 3 | apiVersion: v1 4 | metadata: 5 | name: "{{ template "logstash.fullname" . }}-headless" 6 | labels: 7 | app: "{{ template "logstash.fullname" . }}" 8 | chart: "{{ .Chart.Name }}" 9 | heritage: {{ .Release.Service | quote }} 10 | release: {{ .Release.Name | quote }} 11 | {{- if .Values.labels }} 12 | {{ toYaml .Values.labels | indent 4 }} 13 | {{- end }} 14 | spec: 15 | clusterIP: None 16 | selector: 17 | app: "{{ template "logstash.fullname" . }}" 18 | ports: 19 | - name: http 20 | port: {{ .Values.httpPort }} 21 | -------------------------------------------------------------------------------- /elasticsearch/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | {{- $fullName := include "elasticsearch.uname" . 
-}} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | {{- if eq .Values.rbac.serviceAccountName "" }} 7 | name: {{ $fullName | quote }} 8 | {{- else }} 9 | name: {{ .Values.rbac.serviceAccountName | quote }} 10 | {{- end }} 11 | annotations: 12 | {{- with .Values.rbac.serviceAccountAnnotations }} 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | labels: 16 | heritage: {{ .Release.Service | quote }} 17 | release: {{ .Release.Name | quote }} 18 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 19 | app: {{ $fullName | quote }} 20 | {{- end -}} 21 | -------------------------------------------------------------------------------- /filebeat/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.managedServiceAccount }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: {{ template "filebeat.serviceAccount" . }}-cluster-role-binding 6 | labels: 7 | app: "{{ template "filebeat.fullname" . }}" 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | heritage: {{ .Release.Service | quote }} 10 | release: {{ .Release.Name | quote }} 11 | roleRef: 12 | kind: ClusterRole 13 | name: {{ template "filebeat.serviceAccount" . }}-cluster-role 14 | apiGroup: rbac.authorization.k8s.io 15 | subjects: 16 | - kind: ServiceAccount 17 | name: {{ template "filebeat.serviceAccount" . }} 18 | namespace: {{ .Release.Namespace }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /logstash/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "logstash.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 
11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "logstash.fullname" -}} 14 | {{- if .Values.fullnameOverride -}} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 16 | {{- else -}} 17 | {{- $name := default .Chart.Name .Values.nameOverride -}} 18 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 19 | {{- end -}} 20 | {{- end -}} 21 | -------------------------------------------------------------------------------- /logstash/templates/role.yaml: -------------------------------------------------------------------------------- 1 | {{- /* Namespaced Role with a single rule: the "use" verb on one named PodSecurityPolicy, either the chart fullname or .Values.podSecurityPolicy.name. The Role is gated on rbac.create while the policy itself is gated on podSecurityPolicy.create, so with rbac.create alone this grants use of a policy the chart did not create. NOTE(review): the rule names the "extensions" API group whereas podsecuritypolicy.yaml creates the object as policy/v1beta1 - confirm the target cluster authorizes PSP use through "extensions". */ -}}{{- if .Values.rbac.create -}} 2 | {{- $fullName := include "logstash.fullname" . -}} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: Role 5 | metadata: 6 | name: {{ $fullName | quote }} 7 | labels: 8 | app: "{{ template "logstash.fullname" . }}" 9 | chart: "{{ .Chart.Name }}" 10 | heritage: {{ .Release.Service | quote }} 11 | release: {{ .Release.Name | quote }} 12 | rules: 13 | - apiGroups: 14 | - extensions 15 | resources: 16 | - podsecuritypolicies 17 | resourceNames: 18 | {{- if eq .Values.podSecurityPolicy.name "" }} 19 | - {{ $fullName | quote }} 20 | {{- else }} 21 | - {{ .Values.podSecurityPolicy.name | quote }} 22 | {{- end }} 23 | verbs: 24 | - use 25 | {{- end -}} 26 | -------------------------------------------------------------------------------- /elasticsearch/templates/role.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | {{- $fullName := include "elasticsearch.uname" .
-}} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: Role 5 | metadata: 6 | name: {{ $fullName | quote }} 7 | labels: 8 | heritage: {{ .Release.Service | quote }} 9 | release: {{ .Release.Name | quote }} 10 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 11 | app: {{ $fullName | quote }} 12 | rules: 13 | - apiGroups: 14 | - extensions 15 | resources: 16 | - podsecuritypolicies 17 | resourceNames: 18 | {{- if eq .Values.podSecurityPolicy.name "" }} 19 | - {{ $fullName | quote }} 20 | {{- else }} 21 | - {{ .Values.podSecurityPolicy.name | quote }} 22 | {{- end }} 23 | verbs: 24 | - use 25 | {{- end -}} 26 | -------------------------------------------------------------------------------- /logstash/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | {{- $fullName := include "logstash.fullname" . -}} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: {{ $fullName | quote }} 7 | labels: 8 | app: "{{ template "logstash.fullname" . }}" 9 | chart: "{{ .Chart.Name }}" 10 | heritage: {{ .Release.Service | quote }} 11 | release: {{ .Release.Name | quote }} 12 | subjects: 13 | - kind: ServiceAccount 14 | {{- if eq .Values.rbac.serviceAccountName "" }} 15 | name: {{ $fullName | quote }} 16 | {{- else }} 17 | name: {{ .Values.rbac.serviceAccountName | quote }} 18 | {{- end }} 19 | namespace: {{ .Release.Namespace | quote }} 20 | roleRef: 21 | kind: Role 22 | name: {{ $fullName | quote }} 23 | apiGroup: rbac.authorization.k8s.io 24 | {{- end -}} 25 | -------------------------------------------------------------------------------- /elasticsearch/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | {{- $fullName := include "elasticsearch.uname" . 
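-}} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: {{ $fullName | quote }} 7 | labels: 8 | heritage: {{ .Release.Service | quote }} 9 | release: {{ .Release.Name | quote }} 10 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 11 | app: {{ $fullName | quote }} 12 | subjects: 13 | - kind: ServiceAccount 14 | {{- if eq .Values.rbac.serviceAccountName "" }} 15 | name: {{ $fullName | quote }} 16 | {{- else }} 17 | name: {{ .Values.rbac.serviceAccountName | quote }} 18 | {{- end }} 19 | namespace: {{ .Release.Namespace | quote }} 20 | roleRef: 21 | kind: Role 22 | name: {{ $fullName | quote }} 23 | apiGroup: rbac.authorization.k8s.io 24 | {{- end -}} 25 | -------------------------------------------------------------------------------- /logstash/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- /* One Secret per entry of .Values.secrets, named <fullname>-<entry name>. A key ending in "filepath" is filled from a file packaged with the chart ($.Files.Get); a path that is not in the chart yields an empty value rather than an error. Every other key takes its literal value from values. Both are only base64-encoded (b64enc), not encrypted, so the secret material lives in the values supplied at install time and in the stored Helm release; keep such values files out of version control. NOTE(review): the test is hasSuffix "filepath" but the rename strips ".filepath", so a key ending in "filepath" without the dot keeps its full name. */ -}}{{- if .Values.secrets }} 2 | {{- $fullName := include "logstash.fullname" . -}} 3 | {{- range .Values.secrets }} 4 | --- 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: {{ printf "%s-%s" $fullName .name | quote }} 9 | labels: 10 | app: {{ $fullName | quote }} 11 | chart: {{ $.Chart.Name | quote }} 12 | heritage: {{ $.Release.Service | quote }} 13 | release: {{ $.Release.Name | quote }} 14 | {{- range $key, $value := $.Values.labels }} 15 | {{ $key }}: {{ $value | quote }} 16 | {{- end }} 17 | data: 18 | {{- range $key, $val := .value }} 19 | {{- if hasSuffix "filepath" $key }} 20 | {{ $key | replace ".filepath" "" }}: {{ $.Files.Get $val | b64enc | quote }} 21 | {{ else }} 22 | {{ $key }}: {{ $val | b64enc | quote }} 23 | {{- end }} 24 | {{- end }} 25 | type: Opaque 26 | {{- end }} 27 | {{- end }} -------------------------------------------------------------------------------- /logstash/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | {{- $fullName := include
"logstash.fullname" . -}} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | {{- if eq .Values.rbac.serviceAccountName "" }} 7 | name: {{ $fullName | quote }} 8 | {{- else }} 9 | name: {{ .Values.rbac.serviceAccountName | quote }} 10 | {{- end }} 11 | {{- /* Both annotation sources (rbac.serviceAccountAnnotations and rbac.annotations) are rendered under this one annotations key, the rbac.annotations entries at the same four-space indent as the toYaml output. A second annotations key in the same metadata mapping would be a duplicate key, which YAML parsers either reject or resolve by letting one value replace the other, silently dropping annotations such as a cloud identity binding. */}} 12 | annotations: 13 | {{- with .Values.rbac.serviceAccountAnnotations }} 14 | {{- toYaml . | nindent 4 }} 15 | {{- end }} 16 | {{- range $key, $value := .Values.rbac.annotations }} 17 | {{ $key }}: {{ $value | quote }} 18 | {{- end }} 19 | labels: 20 | app: "{{ template "logstash.fullname" . }}" 21 | chart: "{{ .Chart.Name }}" 22 | heritage: {{ .Release.Service | quote }} 23 | release: {{ .Release.Name | quote }} 24 | {{- end -}} 25 | -------------------------------------------------------------------------------- /logstash/templates/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.service }} 2 | --- 3 | kind: Service 4 | apiVersion: v1 5 | metadata: 6 | name: "{{ template "logstash.fullname" . }}" 7 | labels: 8 | app: "{{ template "logstash.fullname" . }}" 9 | chart: "{{ .Chart.Name }}" 10 | heritage: {{ .Release.Service | quote }} 11 | release: {{ .Release.Name | quote }} 12 | annotations: 13 | {{ toYaml .Values.service.annotations | indent 4 }} 14 | spec: 15 | type: {{ .Values.service.type }} 16 | {{- if .Values.service.loadBalancerIP }} 17 | loadBalancerIP: {{ .Values.service.loadBalancerIP }} 18 | {{- end }} 19 | {{- with .Values.service.loadBalancerSourceRanges }} 20 | loadBalancerSourceRanges: 21 | {{ toYaml . | indent 4 }} 22 | {{- end }} 23 | selector: 24 | app: "{{ template "logstash.fullname" .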
}}" 25 | chart: "{{ .Chart.Name }}" 26 | release: {{ .Release.Name | quote }} 27 | ports: 28 | {{ toYaml .Values.service.ports | indent 4 }} 29 | {{- end }} 30 | -------------------------------------------------------------------------------- /logstash/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "logstash.fullname" . -}} 3 | apiVersion: networking.k8s.io/v1beta1 4 | kind: Ingress 5 | metadata: 6 | name: {{ $fullName }} 7 | labels: 8 | app: {{ $fullName | quote}} 9 | chart: "{{ .Chart.Name }}" 10 | heritage: {{ .Release.Service | quote }} 11 | release: {{ .Release.Name | quote }} 12 | {{- with .Values.ingress.annotations }} 13 | annotations: 14 | {{ toYaml . | indent 4 }} 15 | {{- end }} 16 | spec: 17 | {{- if .Values.ingress.tls }} 18 | tls: 19 | {{ toYaml .Values.ingress.tls | indent 4 }} 20 | {{- end }} 21 | rules: 22 | {{- range $.Values.ingress.hosts }} 23 | - host: {{ .host }} 24 | http: 25 | paths: 26 | {{- range .paths }} 27 | - path: {{ .path }} 28 | backend: 29 | serviceName: {{ $fullName }} 30 | servicePort: {{ .servicePort }} 31 | {{- end }} 32 | {{- end }} 33 | {{- end }} 34 | -------------------------------------------------------------------------------- /kibana/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "kibana.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
12 | */}} 13 | {{- define "kibana.fullname" -}} 14 | {{- if .Values.fullnameOverride -}} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 16 | {{- else -}} 17 | {{- $name := default .Release.Name .Values.nameOverride -}} 18 | {{- printf "%s-%s" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | {{/* 23 | Common labels 24 | */}} 25 | {{- define "kibana.labels" -}} 26 | app: {{ .Chart.Name }} 27 | release: {{ .Release.Name | quote }} 28 | heritage: {{ .Release.Service }} 29 | {{- if .Values.labels }} 30 | {{ toYaml .Values.labels }} 31 | {{- end }} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /kibana/templates/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "kibana.fullname" . }} 6 | labels: {{ include "kibana.labels" . | nindent 4 }} 7 | {{- if .Values.service.labels }} 8 | {{ toYaml .Values.service.labels | indent 4}} 9 | {{- end }} 10 | {{- with .Values.service.annotations }} 11 | annotations: 12 | {{ toYaml . | indent 4 }} 13 | {{- end }} 14 | spec: 15 | type: {{ .Values.service.type }} 16 | {{- if .Values.service.loadBalancerIP }} 17 | loadBalancerIP: {{ .Values.service.loadBalancerIP }} 18 | {{- end }} 19 | {{- with .Values.service.loadBalancerSourceRanges }} 20 | loadBalancerSourceRanges: 21 | {{ toYaml . 
| indent 4 }} 22 | {{- end }} 23 | ports: 24 | - port: {{ .Values.service.port }} 25 | {{- if .Values.service.nodePort }} 26 | nodePort: {{ .Values.service.nodePort }} 27 | {{- end }} 28 | protocol: TCP 29 | name: {{ .Values.service.httpPortName | default "http" }} 30 | targetPort: {{ .Values.httpPort }} 31 | selector: 32 | app: {{ .Chart.Name }} 33 | release: {{ .Release.Name | quote }} 34 | -------------------------------------------------------------------------------- /filebeat/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "filebeat.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "filebeat.fullname" -}} 14 | {{- if .Values.fullnameOverride -}} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 16 | {{- else -}} 17 | {{- $name := default .Chart.Name .Values.nameOverride -}} 18 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | {{/* 23 | Use the fullname if the serviceAccount value is not set 24 | */}} 25 | {{- define "filebeat.serviceAccount" -}} 26 | {{- if .Values.serviceAccount }} 27 | {{- .Values.serviceAccount -}} 28 | {{- else }} 29 | {{- $name := default .Chart.Name .Values.nameOverride -}} 30 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 31 | {{- end -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /elasticsearch/templates/test/test-elasticsearch-health.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | {{- if 
.Values.tests.enabled -}}{{- /* Helm test hook: a pod that runs one curl against /_cluster/health and is deleted when it succeeds. The URL has no scheme and carries no credentials, so the probe goes out as unauthenticated plain HTTP; NOTE(review): with TLS or authentication enabled on the cluster this check would need https and credentials - confirm how the chart is meant to be tested then. The "#!/usr/bin/env bash -e" line sits inside the sh -c script, where it is only a comment. httpPort and clusterHealthCheckParams are spliced unescaped into the single-quoted shell string, so neither may contain a single quote. */ -}} 3 | apiVersion: v1 4 | kind: Pod 5 | metadata: 6 | {{- if .Values.healthNameOverride }} 7 | name: {{ .Values.healthNameOverride | quote }} 8 | {{- else }} 9 | name: "{{ .Release.Name }}-{{ randAlpha 5 | lower }}-test" 10 | {{- end }} 11 | annotations: 12 | "helm.sh/hook": test 13 | "helm.sh/hook-delete-policy": hook-succeeded 14 | spec: 15 | securityContext: 16 | {{ toYaml .Values.podSecurityContext | indent 4 }} 17 | containers: 18 | {{- if .Values.healthNameOverride }} 19 | - name: {{ .Values.healthNameOverride | quote }} 20 | {{- else }} 21 | - name: "{{ .Release.Name }}-{{ randAlpha 5 | lower }}-test" 22 | {{- end }} 23 | image: "{{ .Values.image }}:{{ .Values.imageTag }}" 24 | imagePullPolicy: "{{ .Values.imagePullPolicy }}" 25 | command: 26 | - "sh" 27 | - "-c" 28 | - | 29 | #!/usr/bin/env bash -e 30 | curl -XGET --fail '{{ template "elasticsearch.uname" . }}:{{ .Values.httpPort }}/_cluster/health?{{ .Values.clusterHealthCheckParams }}' 31 | {{- if .Values.imagePullSecrets }} 32 | imagePullSecrets: 33 | {{ toYaml .Values.imagePullSecrets | indent 4 }} 34 | {{- end }} 35 | restartPolicy: Never 36 | {{- end -}} 37 | -------------------------------------------------------------------------------- /kibana/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- /* Publishes the Kibana service through an Ingress when ingress.enabled is set. A tls section is rendered only if .Values.ingress.tls is non-empty; otherwise the hosts are published without one. networking.k8s.io/v1beta1 Ingress is not served from Kubernetes 1.22 on; networking.k8s.io/v1 is its replacement. */ -}}{{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "kibana.fullname" . -}} 3 | {{- $httpPort := .Values.httpPort -}} 4 | {{- $ingressPath := .Values.ingress.path -}} 5 | apiVersion: networking.k8s.io/v1beta1 6 | kind: Ingress 7 | metadata: 8 | name: {{ $fullName }} 9 | labels: {{ include "kibana.labels" . | nindent 4 }} 10 | {{- with .Values.ingress.annotations }} 11 | annotations: 12 | {{ toYaml . | indent 4 }} 13 | {{- end }} 14 | spec: 15 | {{- if .Values.ingress.tls }} 16 | tls: 17 | {{- /* NOTE(review): .ingressPath is looked up on the root context, where no such field is set; the variable defined above is $ingressPath. As written this condition is always false and the toYaml branch is the one rendered - confirm which was intended. */}}{{- if .ingressPath }} 18 | {{- range .Values.ingress.tls }} 19 | - hosts: 20 | {{- range .hosts }} 21 | - {{ .
}} 22 | {{- end }} 23 | secretName: {{ .secretName }} 24 | {{- end }} 25 | {{- else }} 26 | {{ toYaml .Values.ingress.tls | indent 4 }} 27 | {{- end }} 28 | {{- end }} 29 | rules: 30 | {{- range .Values.ingress.hosts }} 31 | {{- if $ingressPath }} 32 | - host: {{ . }} 33 | http: 34 | paths: 35 | - path: {{ $ingressPath }} 36 | backend: 37 | serviceName: {{ $fullName }} 38 | servicePort: {{ $httpPort }} 39 | {{- else }} 40 | - host: {{ .host }} 41 | http: 42 | paths: 43 | {{- range .paths }} 44 | - path: {{ .path }} 45 | backend: 46 | serviceName: {{ $fullName }} 47 | servicePort: {{ .servicePort | default $httpPort }} 48 | {{- end }} 49 | {{- end }} 50 | {{- end }} 51 | {{- end }} 52 | -------------------------------------------------------------------------------- /elasticsearch/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- /* Publishes the Elasticsearch HTTP port through an Ingress when ingress.enabled is set. Nothing in this template adds authentication or source restrictions, so those have to come from the Elasticsearch security settings or from .Values.ingress.annotations. A tls section is rendered only if .Values.ingress.tls is non-empty. networking.k8s.io/v1beta1 Ingress is not served from Kubernetes 1.22 on; networking.k8s.io/v1 is its replacement. */ -}}{{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "elasticsearch.uname" . -}} 3 | {{- $httpPort := .Values.httpPort -}} 4 | {{- $ingressPath := .Values.ingress.path -}} 5 | apiVersion: networking.k8s.io/v1beta1 6 | kind: Ingress 7 | metadata: 8 | name: {{ $fullName }} 9 | labels: 10 | app: {{ .Chart.Name }} 11 | release: {{ .Release.Name }} 12 | heritage: {{ .Release.Service }} 13 | {{- with .Values.ingress.annotations }} 14 | annotations: 15 | {{ toYaml . | indent 4 }} 16 | {{- end }} 17 | spec: 18 | {{- if .Values.ingress.tls }} 19 | tls: 20 | {{- /* NOTE(review): .ingressPath is looked up on the root context, where no such field is set; the variable defined above is $ingressPath. As written this condition is always false and the toYaml branch is the one rendered - confirm which was intended. */}}{{- if .ingressPath }} 21 | {{- range .Values.ingress.tls }} 22 | - hosts: 23 | {{- range .hosts }} 24 | - {{ . }} 25 | {{- end }} 26 | secretName: {{ .secretName }} 27 | {{- end }} 28 | {{- else }} 29 | {{ toYaml .Values.ingress.tls | indent 4 }} 30 | {{- end }} 31 | {{- end }} 32 | rules: 33 | {{- range .Values.ingress.hosts }} 34 | {{- if $ingressPath }} 35 | - host: {{ .
}} 36 | http: 37 | paths: 38 | - path: {{ $ingressPath }} 39 | backend: 40 | serviceName: {{ $fullName }} 41 | servicePort: {{ $httpPort }} 42 | {{- else }} 43 | - host: {{ .host }} 44 | http: 45 | paths: 46 | {{- range .paths }} 47 | - path: {{ .path }} 48 | backend: 49 | serviceName: {{ $fullName }} 50 | servicePort: {{ .servicePort | default $httpPort }} 51 | {{- end }} 52 | {{- end }} 53 | {{- end }} 54 | {{- end }} 55 | -------------------------------------------------------------------------------- /filebeat/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.filebeatConfig }} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: {{ template "filebeat.fullname" . }}-config 7 | labels: 8 | app: "{{ template "filebeat.fullname" . }}" 9 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 10 | heritage: {{ .Release.Service | quote }} 11 | release: {{ .Release.Name | quote }} 12 | data: 13 | {{- range $path, $config := .Values.filebeatConfig }} 14 | {{ $path }}: | 15 | {{ $config | indent 4 -}} 16 | {{- end -}} 17 | {{- end -}} 18 | 19 | {{- if and .Values.daemonset.enabled .Values.daemonset.filebeatConfig }} 20 | --- 21 | apiVersion: v1 22 | kind: ConfigMap 23 | metadata: 24 | name: {{ template "filebeat.fullname" . }}-daemonset-config 25 | labels: 26 | app: "{{ template "filebeat.fullname" . }}" 27 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 28 | heritage: {{ .Release.Service | quote }} 29 | release: {{ .Release.Name | quote }} 30 | data: 31 | {{- range $path, $config := .Values.daemonset.filebeatConfig }} 32 | {{ $path }}: | 33 | {{ $config | indent 4 -}} 34 | {{- end -}} 35 | {{- end -}} 36 | 37 | {{- if and .Values.deployment.enabled .Values.deployment.filebeatConfig }} 38 | --- 39 | apiVersion: v1 40 | kind: ConfigMap 41 | metadata: 42 | name: {{ template "filebeat.fullname" . }}-deployment-config 43 | labels: 44 | app: "{{ template "filebeat.fullname" . 
}}" 45 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 46 | heritage: {{ .Release.Service | quote }} 47 | release: {{ .Release.Name | quote }} 48 | data: 49 | {{- range $path, $config := .Values.deployment.filebeatConfig }} 50 | {{ $path }}: | 51 | {{ $config | indent 4 -}} 52 | {{- end -}} 53 | {{- end -}} 54 | -------------------------------------------------------------------------------- /elasticsearch/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "elasticsearch.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "elasticsearch.fullname" -}} 14 | {{- $name := default .Chart.Name .Values.nameOverride -}} 15 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 16 | {{- end -}} 17 | 18 | {{- define "elasticsearch.uname" -}} 19 | {{- if empty .Values.fullnameOverride -}} 20 | {{- if empty .Values.nameOverride -}} 21 | {{ .Values.clusterName }}-{{ .Values.nodeGroup }} 22 | {{- else -}} 23 | {{ .Values.nameOverride }}-{{ .Values.nodeGroup }} 24 | {{- end -}} 25 | {{- else -}} 26 | {{ .Values.fullnameOverride }} 27 | {{- end -}} 28 | {{- end -}} 29 | 30 | {{- define "elasticsearch.masterService" -}} 31 | {{- if empty .Values.masterService -}} 32 | {{- if empty .Values.fullnameOverride -}} 33 | {{- if empty .Values.nameOverride -}} 34 | {{ .Values.clusterName }}-master 35 | {{- else -}} 36 | {{ .Values.nameOverride }}-master 37 | {{- end -}} 38 | {{- else -}} 39 | {{ .Values.fullnameOverride }} 40 | {{- end -}} 41 | {{- else -}} 42 | {{ .Values.masterService }} 43 | {{- end -}} 44 | {{- end -}} 45 | 46 | {{- define 
"elasticsearch.endpoints" -}} 47 | {{- $replicas := int (toString (.Values.replicas)) }} 48 | {{- $uname := (include "elasticsearch.uname" .) }} 49 | {{- range $i, $e := untilStep 0 $replicas 1 -}} 50 | {{ $uname }}-{{ $i }}, 51 | {{- end -}} 52 | {{- end -}} 53 | 54 | {{- define "elasticsearch.esMajorVersion" -}} 55 | {{- if .Values.esMajorVersion -}} 56 | {{ .Values.esMajorVersion }} 57 | {{- else -}} 58 | {{- $version := int (index (.Values.imageTag | splitList ".") 0) -}} 59 | {{- if and (contains "docker.elastic.co/elasticsearch/elasticsearch" .Values.image) (not (eq $version 0)) -}} 60 | {{ $version }} 61 | {{- else -}} 62 | 7 63 | {{- end -}} 64 | {{- end -}} 65 | {{- end -}} 66 | -------------------------------------------------------------------------------- /elasticsearch/templates/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if (or .Values.networkPolicy.http.enabled .Values.networkPolicy.transport.enabled) }} 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: {{ template "elasticsearch.uname" . }} 6 | labels: 7 | heritage: {{ .Release.Service | quote }} 8 | release: {{ .Release.Name | quote }} 9 | chart: "{{ .Chart.Name }}" 10 | app: "{{ template "elasticsearch.uname" . }}" 11 | spec: 12 | podSelector: 13 | matchLabels: 14 | app: "{{ template "elasticsearch.uname" . }}" 15 | ingress: # Allow inbound connections 16 | 17 | {{- if .Values.networkPolicy.http.enabled }} 18 | # For HTTP access 19 | - ports: 20 | - port: {{ .Values.httpPort }} 21 | from: 22 | # From authorized Pods (having the correct label) 23 | - podSelector: 24 | matchLabels: 25 | {{ template "elasticsearch.uname" . }}-http-client: "true" 26 | {{- with .Values.networkPolicy.http.explicitNamespacesSelector }} 27 | # From authorized namespaces 28 | namespaceSelector: 29 | {{ toYaml . 
| indent 12 }} 30 | {{- end }} 31 | {{- with .Values.networkPolicy.http.additionalRules }} 32 | # Or from custom additional rules 33 | {{ toYaml . | indent 8 }} 34 | {{- end }} 35 | {{- end }} 36 | 37 | {{- if .Values.networkPolicy.transport.enabled }} 38 | # For transport access 39 | - ports: 40 | - port: {{ .Values.transportPort }} 41 | from: 42 | # From authorized Pods (having the correct label) 43 | - podSelector: 44 | matchLabels: 45 | {{ template "elasticsearch.uname" . }}-transport-client: "true" 46 | {{- with .Values.networkPolicy.transport.explicitNamespacesSelector }} 47 | # From authorized namespaces (namespaceSelector sits in the same "from" entry as the podSelector above, so a peer must match both selectors) 48 | namespaceSelector: 49 | {{ toYaml . | indent 12 }} 50 | {{- end }} 51 | {{- with .Values.networkPolicy.transport.additionalRules }} 52 | # Or from custom additional rules 53 | {{ toYaml . | indent 8 }} 54 | {{- end }} 55 | # Or from other ElasticSearch Pods (this peer entry is rendered only inside the transport rule; NOTE(review): if only networkPolicy.http.enabled is set, the policy still selects these pods but lists no transport port, which would presumably block node-to-node traffic - confirm) 56 | - podSelector: 57 | matchLabels: 58 | app: "{{ template "elasticsearch.uname" . }}" 59 | {{- end }} 60 | 61 | {{- end }} 62 | -------------------------------------------------------------------------------- /elasticsearch/templates/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | {{- if .Values.service.enabled -}} 3 | kind: Service 4 | apiVersion: v1 5 | metadata: 6 | {{- if eq .Values.nodeGroup "master" }} 7 | name: {{ template "elasticsearch.masterService" . }} 8 | {{- else }} 9 | name: {{ template "elasticsearch.uname" . }} 10 | {{- end }} 11 | labels: 12 | heritage: {{ .Release.Service | quote }} 13 | release: {{ .Release.Name | quote }} 14 | chart: "{{ .Chart.Name }}" 15 | app: "{{ template "elasticsearch.uname" .
}}" 16 | {{- if .Values.service.labels }} 17 | {{ toYaml .Values.service.labels | indent 4}} 18 | {{- end }} 19 | annotations: 20 | {{ toYaml .Values.service.annotations | indent 4 }} 21 | spec: 22 | type: {{ .Values.service.type }} 23 | selector: 24 | release: {{ .Release.Name | quote }} 25 | chart: "{{ .Chart.Name }}" 26 | app: "{{ template "elasticsearch.uname" . }}" 27 | ports: 28 | - name: {{ .Values.service.httpPortName | default "http" }} 29 | protocol: TCP 30 | port: {{ .Values.httpPort }} 31 | {{- if .Values.service.nodePort }} 32 | nodePort: {{ .Values.service.nodePort }} 33 | {{- end }} 34 | - name: {{ .Values.service.transportPortName | default "transport" }} 35 | protocol: TCP 36 | port: {{ .Values.transportPort }} 37 | {{- if .Values.service.loadBalancerIP }} 38 | loadBalancerIP: {{ .Values.service.loadBalancerIP }} 39 | {{- end }} 40 | {{- with .Values.service.loadBalancerSourceRanges }} 41 | loadBalancerSourceRanges: 42 | {{ toYaml . | indent 4 }} 43 | {{- end }} 44 | {{- if .Values.service.externalTrafficPolicy }} 45 | externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} 46 | {{- end }} 47 | {{- end }} 48 | --- 49 | kind: Service 50 | apiVersion: v1 51 | metadata: 52 | {{- if eq .Values.nodeGroup "master" }} 53 | name: {{ template "elasticsearch.masterService" . }}-headless 54 | {{- else }} 55 | name: {{ template "elasticsearch.uname" . }}-headless 56 | {{- end }} 57 | labels: 58 | heritage: {{ .Release.Service | quote }} 59 | release: {{ .Release.Name | quote }} 60 | chart: "{{ .Chart.Name }}" 61 | app: "{{ template "elasticsearch.uname" . 
}}" 62 | {{- if .Values.service.labelsHeadless }} 63 | {{ toYaml .Values.service.labelsHeadless | indent 4 }} 64 | {{- end }} 65 | annotations: 66 | service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" 67 | spec: 68 | clusterIP: None # This is needed for statefulset hostnames like elasticsearch-0 to resolve 69 | # Create endpoints also if the related pod isn't ready 70 | publishNotReadyAddresses: true 71 | selector: 72 | app: "{{ template "elasticsearch.uname" . }}" 73 | ports: 74 | - name: {{ .Values.service.httpPortName | default "http" }} 75 | port: {{ .Values.httpPort }} 76 | - name: {{ .Values.service.transportPortName | default "transport" }} 77 | port: {{ .Values.transportPort }} 78 | -------------------------------------------------------------------------------- /kibana/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | elasticsearchHosts: "http://elasticsearch-master:9200" 3 | 4 | replicas: 1 5 | 6 | # Extra environment variables to append to this nodeGroup 7 | # This will be appended to the current 'env:' key. 
You can use any of the kubernetes env 8 | # syntax here 9 | extraEnvs: 10 | - name: "NODE_OPTIONS" 11 | value: "--max-old-space-size=1800" 12 | # - name: MY_ENVIRONMENT_VAR 13 | # value: the_value_goes_here 14 | 15 | # Allows you to load environment variables from kubernetes secret or config map 16 | envFrom: [] 17 | # - secretRef: 18 | # name: env-secret 19 | # - configMapRef: 20 | # name: config-map 21 | 22 | # A list of secrets and their paths to mount inside the pod 23 | # This is useful for mounting certificates for security and for mounting 24 | # the X-Pack license 25 | secretMounts: [] 26 | # - name: kibana-keystore 27 | # secretName: kibana-keystore 28 | # path: /usr/share/kibana/data/kibana.keystore 29 | # subPath: kibana.keystore # optional 30 | 31 | hostAliases: [] 32 | #- ip: "127.0.0.1" 33 | # hostnames: 34 | # - "foo.local" 35 | # - "bar.local" 36 | 37 | image: "docker.elastic.co/kibana/kibana" 38 | imageTag: "7.15.0" 39 | imagePullPolicy: "IfNotPresent" 40 | 41 | # additionals labels 42 | labels: {} 43 | 44 | podAnnotations: 45 | {} 46 | # iam.amazonaws.com/role: es-cluster 47 | 48 | resources: 49 | requests: 50 | cpu: "1000m" 51 | memory: "2Gi" 52 | limits: 53 | cpu: "1000m" 54 | memory: "2Gi" 55 | 56 | protocol: http 57 | 58 | serverHost: "0.0.0.0" 59 | 60 | healthCheckPath: "/app/kibana" 61 | 62 | # Allows you to add any config files in /usr/share/kibana/config/ 63 | # such as kibana.yml 64 | kibanaConfig: {} 65 | # kibana.yml: | 66 | # key: 67 | # nestedkey: value 68 | 69 | # If Pod Security Policy in use it may be required to specify security context as well as service account 70 | 71 | podSecurityContext: 72 | fsGroup: 1000 73 | 74 | securityContext: 75 | capabilities: 76 | drop: 77 | - ALL 78 | # readOnlyRootFilesystem: true 79 | runAsNonRoot: true 80 | runAsUser: 1000 81 | 82 | serviceAccount: "" 83 | 84 | # This is the PriorityClass settings as defined in 85 | # 
https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass 86 | priorityClassName: "" 87 | 88 | httpPort: 5601 89 | 90 | extraVolumes: 91 | [] 92 | # - name: extras 93 | # emptyDir: {} 94 | 95 | extraVolumeMounts: 96 | [] 97 | # - name: extras 98 | # mountPath: /usr/share/extras 99 | # readOnly: true 100 | # 101 | extraContainers: "" # a string here is rendered with tpl by templates/deployment.yaml; a YAML list is also accepted 102 | # - name: dummy-init 103 | # image: busybox 104 | # command: ['echo', 'hey'] 105 | 106 | extraInitContainers: "" 107 | # - name: dummy-init 108 | # image: busybox 109 | # command: ['echo', 'hey'] 110 | 111 | updateStrategy: 112 | type: "Recreate" 113 | 114 | service: 115 | type: ClusterIP 116 | loadBalancerIP: "" 117 | port: 5601 118 | nodePort: "" 119 | labels: {} 120 | annotations: 121 | {} 122 | # cloud.google.com/load-balancer-type: "Internal" 123 | # service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 124 | # service.beta.kubernetes.io/azure-load-balancer-internal: "true" 125 | # service.beta.kubernetes.io/openstack-internal-load-balancer: "true" 126 | # service.beta.kubernetes.io/cce-load-balancer-internal-vpc: "true" 127 | loadBalancerSourceRanges: 128 | [] 129 | # 0.0.0.0/0 (example only; this range matches every source address) 130 | httpPortName: http 131 | 132 | ingress: 133 | enabled: true # NOTE(review): on by default in this values file; together with tls: [] below, the Ingress is created without a tls section, i.e. no certificate is configured for this host - set to false or configure tls (and confirm Kibana authentication) outside a local test cluster 134 | annotations: 135 | kubernetes.io/ingress.class: nginx 136 | # kubernetes.io/tls-acme: "true" 137 | hosts: 138 | - host: kubernetes.docker.internal 139 | paths: 140 | - path: / 141 | tls: [] 142 | # - secretName: chart-example-tls 143 | # hosts: 144 | # - chart-example.local 145 | 146 | readinessProbe: 147 | failureThreshold: 3 148 | initialDelaySeconds: 10 149 | periodSeconds: 10 150 | successThreshold: 3 151 | timeoutSeconds: 5 152 | 153 | imagePullSecrets: [] 154 | nodeSelector: {} 155 | tolerations: [] 156 | affinity: {} 157 | 158 | nameOverride: "" 159 | fullnameOverride: "" 160 | 161 | lifecycle: 162 | {} 163 | # preStop: 164 | # exec: 165 | # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] 166
| # postStart: 167 | # exec: 168 | # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] 169 | 170 | # Deprecated - use only with versions < 6.6 171 | elasticsearchURL: "" # "http://elasticsearch-master:9200" 172 | -------------------------------------------------------------------------------- /kibana/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "kibana.fullname" . }} 5 | labels: {{ include "kibana.labels" . | nindent 4 }} 6 | spec: 7 | replicas: {{ .Values.replicas }} 8 | strategy: 9 | {{ toYaml .Values.updateStrategy | indent 4 }} 10 | selector: 11 | matchLabels: 12 | app: {{ .Chart.Name }} 13 | release: {{ .Release.Name | quote }} 14 | template: 15 | metadata: 16 | labels: 17 | app: {{ .Chart.Name }} 18 | release: {{ .Release.Name | quote }} 19 | {{- range $key, $value := .Values.labels }} 20 | {{ $key }}: {{ $value | quote }} 21 | {{- end }} 22 | annotations: 23 | {{- range $key, $value := .Values.podAnnotations }} 24 | {{ $key }}: {{ $value | quote }} 25 | {{- end }} 26 | {{/* This forces a restart if the configmap has changed */}} 27 | {{- if .Values.kibanaConfig }} 28 | configchecksum: {{ include (print .Template.BasePath "/configmap.yaml") . 
| sha256sum | trunc 63 }} 29 | {{- end }} 30 | spec: 31 | {{- if .Values.priorityClassName }} 32 | priorityClassName: {{ .Values.priorityClassName }} 33 | {{- end }} 34 | securityContext: 35 | {{ toYaml .Values.podSecurityContext | indent 8 }} 36 | {{- if .Values.serviceAccount }} 37 | serviceAccount: {{ .Values.serviceAccount }} 38 | {{- end }} 39 | {{- if .Values.hostAliases }} 40 | hostAliases: {{ toYaml .Values.hostAliases | nindent 6 }} 41 | {{- end }} 42 | volumes: 43 | {{- range .Values.secretMounts }} 44 | - name: {{ .name }} 45 | secret: 46 | secretName: {{ .secretName }} 47 | {{- end }} 48 | {{- if .Values.kibanaConfig }} 49 | - name: kibanaconfig 50 | configMap: 51 | name: {{ template "kibana.fullname" . }}-config 52 | {{- end }} 53 | {{- if .Values.extraVolumes }} 54 | {{ toYaml .Values.extraVolumes | indent 8 }} 55 | {{- end }} 56 | {{- with .Values.nodeSelector }} 57 | nodeSelector: 58 | {{ toYaml . | indent 8 }} 59 | {{- end }} 60 | {{- with .Values.affinity }} 61 | affinity: 62 | {{ toYaml . | indent 8 }} 63 | {{- end }} 64 | {{- with .Values.tolerations }} 65 | tolerations: 66 | {{ toYaml . | indent 8 }} 67 | {{- end }} 68 | {{- if .Values.imagePullSecrets }} 69 | imagePullSecrets: 70 | {{ toYaml .Values.imagePullSecrets | indent 8 }} 71 | {{- end }} 72 | {{- if .Values.extraInitContainers }} 73 | # Currently some extra blocks accept strings 74 | # to continue with backwards compatibility this is being kept 75 | # whilst also allowing for yaml to be specified too. 76 | initContainers: 77 | {{- if eq "string" (printf "%T" .Values.extraInitContainers) }} 78 | {{ tpl .Values.extraInitContainers . 
| indent 6 }} 79 | {{- else }} 80 | {{ toYaml .Values.extraInitContainers | indent 6 }} 81 | {{- end }} 82 | {{- end }} 83 | containers: 84 | - name: kibana 85 | securityContext: 86 | {{ toYaml .Values.securityContext | indent 10 }} 87 | image: "{{ .Values.image }}:{{ .Values.imageTag }}" 88 | imagePullPolicy: "{{ .Values.imagePullPolicy }}" 89 | env: 90 | {{- if .Values.elasticsearchURL }} 91 | - name: ELASTICSEARCH_URL 92 | value: "{{ .Values.elasticsearchURL }}" 93 | {{- else if .Values.elasticsearchHosts }} 94 | - name: ELASTICSEARCH_HOSTS 95 | value: "{{ .Values.elasticsearchHosts }}" 96 | {{- end }} 97 | - name: SERVER_HOST 98 | value: "{{ .Values.serverHost }}" 99 | {{- if .Values.extraEnvs }} 100 | {{ toYaml .Values.extraEnvs | indent 10 }} 101 | {{- end }} 102 | {{- if .Values.envFrom }} 103 | envFrom: 104 | {{ toYaml .Values.envFrom | indent 10 }} 105 | {{- end }} 106 | readinessProbe: 107 | {{ toYaml .Values.readinessProbe | indent 10 }} 108 | exec: # NOTE(review): the script below calls curl with -k (server certificate not verified; the target is localhost) and, when ELASTICSEARCH_USERNAME and ELASTICSEARCH_PASSWORD are set, passes them with -u on the curl command line 109 | command: # the script is run via "sh -c", so its "#!/usr/bin/env bash -e" first line is only a comment and -e is not applied 110 | - sh 111 | - -c 112 | - | 113 | #!/usr/bin/env bash -e 114 | 115 | # Disable nss cache to avoid filling dentry cache when calling curl 116 | # This is required with Kibana Docker using nss < 3.52 117 | export NSS_SDB_USE_CACHE=no 118 | 119 | http () { 120 | local path="${1}" 121 | set -- -XGET -s --fail -L 122 | 123 | if [ -n "${ELASTICSEARCH_USERNAME}" ] && [ -n "${ELASTICSEARCH_PASSWORD}" ]; then 124 | set -- "$@" -u "${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" 125 | fi 126 | 127 | STATUS=$(curl --output /dev/null --write-out "%{http_code}" -k "$@" "{{ .Values.protocol }}://localhost:{{ .Values.httpPort }}${path}") 128 | if [[ "${STATUS}" -eq 200 ]]; then 129 | exit 0 130 | fi 131 | 132 | echo "Error: Got HTTP code ${STATUS} but expected a 200" 133 | exit 1 134 | } 135 | 136 | http "{{ .Values.healthCheckPath }}" 137 | ports: 138 | - containerPort: {{ .Values.httpPort }} 139 | {{- if .Values.lifecycle }} 140 | lifecycle: 141 | {{ toYaml .Values.lifecycle | indent 10 }} 142 |
{{- end }} 143 | resources: 144 | {{ toYaml .Values.resources | indent 10 }} 145 | volumeMounts: 146 | {{- range .Values.secretMounts }} 147 | - name: {{ .name }} 148 | mountPath: {{ .path }} 149 | {{- if .subPath }} 150 | subPath: {{ .subPath }} 151 | {{- end }} 152 | {{- end }} 153 | {{- range $path, $config := .Values.kibanaConfig }} 154 | - name: kibanaconfig 155 | mountPath: /usr/share/kibana/config/{{ $path }} 156 | subPath: {{ $path }} 157 | {{- end -}} 158 | {{- if .Values.extraVolumeMounts }} 159 | {{ toYaml .Values.extraVolumeMounts | indent 10 }} 160 | {{- end }} 161 | {{- if .Values.extraContainers }} 162 | # Currently some extra blocks accept strings 163 | # to continue with backwards compatibility this is being kept 164 | # whilst also allowing for yaml to be specified too. 165 | {{- if eq "string" (printf "%T" .Values.extraContainers) }} 166 | {{ tpl .Values.extraContainers . | indent 6 }} 167 | {{- else }} 168 | {{ toYaml .Values.extraContainers | indent 6 }} 169 | {{- end }} 170 | {{- end }} 171 | -------------------------------------------------------------------------------- /filebeat/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | # Deploy singleton instance in the whole cluster for some unique data sources, like aws input 2 | {{- if .Values.deployment.enabled }} 3 | --- 4 | apiVersion: apps/v1 5 | kind: Deployment 6 | metadata: 7 | name: {{ template "filebeat.fullname" . }} 8 | labels: 9 | app: "{{ template "filebeat.fullname" . 
}}" 10 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 11 | heritage: '{{ .Release.Service }}' 12 | release: {{ .Release.Name }} 13 | {{- if .Values.deployment.labels }} 14 | {{- range $key, $value := .Values.deployment.labels }} 15 | {{ $key }}: {{ $value | quote }} 16 | {{- end }} 17 | {{- else }} 18 | {{- range $key, $value := .Values.labels }} 19 | {{ $key }}: {{ $value | quote }} 20 | {{- end }} 21 | {{- end }} 22 | {{- if .Values.deployment.annotations }} 23 | annotations: 24 | {{- range $key, $value := .Values.deployment.annotations }} 25 | {{ $key }}: {{ $value | quote }} 26 | {{- end }} 27 | {{- end }} 28 | spec: 29 | replicas: {{ .Values.replicas }} 30 | selector: 31 | matchLabels: 32 | app: "{{ template "filebeat.fullname" . }}" 33 | release: {{ .Release.Name | quote }} 34 | template: 35 | metadata: 36 | annotations: 37 | {{- range $key, $value := .Values.podAnnotations }} 38 | {{ $key }}: {{ $value | quote }} 39 | {{- end }} 40 | {{/* This forces a restart if the configmap has changed */}} 41 | {{- if or .Values.filebeatConfig .Values.deployment.filebeatConfig }} 42 | configChecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} 43 | {{- end }} 44 | labels: 45 | app: '{{ template "filebeat.fullname" . 
}}' 46 | chart: '{{ .Chart.Name }}-{{ .Chart.Version }}' 47 | release: '{{ .Release.Name }}' 48 | {{- if .Values.deployment.labels }} 49 | {{- range $key, $value := .Values.deployment.labels }} 50 | {{ $key }}: {{ $value | quote }} 51 | {{- end }} 52 | {{- else }} 53 | {{- range $key, $value := .Values.labels }} 54 | {{ $key }}: {{ $value | quote }} 55 | {{- end }} 56 | {{- end }} 57 | spec: 58 | affinity: {{ toYaml .Values.deployment.affinity | nindent 8 }} 59 | nodeSelector: {{ toYaml .Values.deployment.nodeSelector | nindent 8 }} 60 | tolerations: {{ toYaml ( .Values.tolerations | default .Values.deployment.tolerations ) | nindent 8 }} 61 | {{- if .Values.priorityClassName }} 62 | priorityClassName: {{ .Values.priorityClassName }} 63 | {{- end }} 64 | serviceAccountName: {{ template "filebeat.serviceAccount" . }} 65 | terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} 66 | {{- if .Values.deployment.hostAliases }} 67 | hostAliases: {{ toYaml .Values.deployment.hostAliases | nindent 8 }} 68 | {{- end }} 69 | volumes: 70 | {{- range .Values.secretMounts | default .Values.deployment.secretMounts }} 71 | - name: {{ .name }} 72 | secret: 73 | secretName: {{ .secretName }} 74 | {{- end }} 75 | {{- if .Values.filebeatConfig }} 76 | - name: filebeat-config 77 | configMap: 78 | defaultMode: 0600 79 | name: {{ template "filebeat.fullname" . }}-config 80 | {{- else if .Values.deployment.filebeatConfig }} 81 | - name: filebeat-config 82 | configMap: 83 | defaultMode: 0600 84 | name: {{ template "filebeat.fullname" . 
}}-deployment-config 85 | {{- end }} 86 | {{- if .Values.extraVolumes | default .Values.deployment.extraVolumes }} 87 | {{ toYaml ( .Values.extraVolumes | default .Values.deployment.extraVolumes ) | indent 6 }} 88 | {{- end }} 89 | {{- if .Values.imagePullSecrets }} 90 | imagePullSecrets: 91 | {{ toYaml .Values.imagePullSecrets | indent 8 }} 92 | {{- end }} 93 | {{- if .Values.extraInitContainers }} 94 | initContainers: 95 | # All the other beats accept a string here while 96 | # filebeat accepts a valid yaml array. We're keeping 97 | # this as a backwards compatible change, while adding 98 | # also a way to pass a string as other templates to 99 | # make these implementations consistent. 100 | # https://github.com/elastic/helm-charts/issues/490 101 | {{- if eq "string" (printf "%T" .Values.extraInitContainers) }} 102 | {{ tpl .Values.extraInitContainers . | indent 6 }} 103 | {{- else }} 104 | {{ toYaml .Values.extraInitContainers | indent 6 }} 105 | {{- end }} 106 | {{- end }} 107 | containers: 108 | - name: "filebeat" 109 | image: "{{ .Values.image }}:{{ .Values.imageTag }}" 110 | imagePullPolicy: "{{ .Values.imagePullPolicy }}" 111 | args: 112 | - "-e" 113 | - "-E" 114 | - "http.enabled=true" 115 | livenessProbe: 116 | {{ toYaml .Values.livenessProbe | indent 10 }} 117 | readinessProbe: 118 | {{ toYaml .Values.readinessProbe | indent 10 }} 119 | resources: {{ toYaml ( .Values.resources | default .Values.deployment.resources ) | nindent 10 }} 120 | env: 121 | - name: POD_NAMESPACE 122 | valueFrom: 123 | fieldRef: 124 | fieldPath: metadata.namespace 125 | {{- if .Values.extraEnvs | default .Values.deployment.extraEnvs }} 126 | {{ toYaml ( .Values.extraEnvs | default .Values.deployment.extraEnvs ) | indent 8 }} 127 | {{- end }} 128 | envFrom: {{ toYaml ( .Values.envFrom | default .Values.deployment.envFrom ) | nindent 10 }} 129 | securityContext: {{ toYaml ( .Values.podSecurityContext | default .Values.deployment.securityContext ) | nindent 10 }} 130 | 
volumeMounts: 131 | {{- range .Values.secretMounts | default .Values.deployment.secretMounts }} 132 | - name: {{ .name }} 133 | mountPath: {{ .path }} 134 | {{- if .subPath }} 135 | subPath: {{ .subPath }} 136 | {{- end }} 137 | {{- end }} 138 | {{- range $path, $config := .Values.filebeatConfig }} 139 | - name: filebeat-config 140 | mountPath: /usr/share/filebeat/{{ $path }} 141 | readOnly: true 142 | subPath: {{ $path }} 143 | {{ else }} 144 | {{- range $path, $config := .Values.deployment.filebeatConfig }} 145 | - name: filebeat-config 146 | mountPath: /usr/share/filebeat/{{ $path }} 147 | readOnly: true 148 | subPath: {{ $path }} 149 | {{- end }} 150 | {{- end }} 151 | {{- if .Values.extraVolumeMounts | default .Values.deployment.extraVolumeMounts }} 152 | {{ toYaml ( .Values.extraVolumeMounts | default .Values.deployment.extraVolumeMounts ) | indent 8 }} 153 | {{- end }} 154 | {{- if .Values.extraContainers }} 155 | {{ tpl .Values.extraContainers . | indent 6 }} 156 | {{- end }} 157 | {{- end }} 158 | -------------------------------------------------------------------------------- /filebeat/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | daemonset: 3 | # Annotations to apply to the daemonset 4 | annotations: {} 5 | # additionals labels 6 | labels: {} 7 | affinity: {} 8 | # Include the daemonset 9 | enabled: true 10 | # Extra environment variables for Filebeat container. 
11 | envFrom: [] 12 | # - configMapRef: 13 | # name: config-secret 14 | extraEnvs: [] 15 | # - name: MY_ENVIRONMENT_VAR 16 | # value: the_value_goes_here 17 | extraVolumes: 18 | [] 19 | # - name: extras 20 | # emptyDir: {} 21 | extraVolumeMounts: 22 | [] 23 | # - name: extras 24 | # mountPath: /usr/share/extras 25 | # readOnly: true 26 | hostNetworking: false 27 | # Allows you to add any config files in /usr/share/filebeat 28 | # such as filebeat.yml for daemonset 29 | filebeatConfig: 30 | filebeat.yml: | 31 | filebeat.inputs: 32 | - type: container 33 | paths: 34 | - /var/log/containers/*.log 35 | processors: 36 | - add_kubernetes_metadata: 37 | host: ${NODE_NAME} 38 | matchers: 39 | - logs_path: 40 | logs_path: "/var/log/containers/" 41 | 42 | output.logstash: 43 | hosts: ["logstash-logstash:5044"] 44 | # Only used when updateStrategy is set to "RollingUpdate" 45 | maxUnavailable: 1 46 | nodeSelector: {} 47 | # A list of secrets and their paths to mount inside the pod 48 | # This is useful for mounting certificates for security other sensitive values 49 | secretMounts: [] 50 | # - name: filebeat-certificates 51 | # secretName: filebeat-certificates 52 | # path: /usr/share/filebeat/certs 53 | # Various pod security context settings. Bear in mind that many of these have an impact on Filebeat functioning properly. 54 | # 55 | # - User that the container will execute as. Typically necessary to run as root (0) in order to properly collect host container logs. 56 | # - Whether to execute the Filebeat containers as privileged containers. Typically not necessarily unless running within environments such as OpenShift. 
57 | securityContext: 58 | runAsUser: 0 59 | privileged: false 60 | resources: 61 | requests: 62 | cpu: "100m" 63 | memory: "100Mi" 64 | limits: 65 | cpu: "1000m" 66 | memory: "200Mi" 67 | tolerations: [] 68 | 69 | deployment: 70 | # Annotations to apply to the deployment 71 | annotations: {} 72 | # additionals labels 73 | labels: {} 74 | affinity: {} 75 | # Include the deployment 76 | enabled: false 77 | # Extra environment variables for Filebeat container. 78 | envFrom: [] 79 | # - configMapRef: 80 | # name: config-secret 81 | extraEnvs: [] 82 | # - name: MY_ENVIRONMENT_VAR 83 | # value: the_value_goes_here 84 | # Allows you to add any config files in /usr/share/filebeat 85 | extraVolumes: [] 86 | # - name: extras 87 | # emptyDir: {} 88 | extraVolumeMounts: [] 89 | # - name: extras 90 | # mountPath: /usr/share/extras 91 | # readOnly: true 92 | # such as filebeat.yml for deployment 93 | filebeatConfig: 94 | filebeat.yml: | 95 | filebeat.inputs: 96 | - type: tcp 97 | max_message_size: 10MiB 98 | host: "localhost:9000" 99 | 100 | output.elasticsearch: 101 | host: '${NODE_NAME}' 102 | hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' 103 | nodeSelector: {} 104 | # A list of secrets and their paths to mount inside the pod 105 | # This is useful for mounting certificates for security other sensitive values 106 | secretMounts: [] 107 | # - name: filebeat-certificates 108 | # secretName: filebeat-certificates 109 | # path: /usr/share/filebeat/certs 110 | # 111 | # - User that the container will execute as. 112 | # Not necessary to run as root (0) as the Filebeat Deployment use cases do not need access to Kubernetes Node internals 113 | # - Typically not necessarily unless running within environments such as OpenShift. 
114 | securityContext: 115 | runAsUser: 0 # NOTE(review): root UID, although the comment above this block says the Deployment use cases do not need root; templates/deployment.yaml applies this block to the filebeat container when podSecurityContext is empty - consider a non-root UID after confirming the image and inputs work with it 116 | privileged: false 117 | resources: 118 | requests: 119 | cpu: "100m" 120 | memory: "100Mi" 121 | limits: 122 | cpu: "1000m" 123 | memory: "200Mi" 124 | tolerations: [] 125 | 126 | # Replicas being used for the filebeat deployment 127 | replicas: 1 128 | 129 | extraContainers: "" # rendered with tpl by templates/deployment.yaml, so it is expected to be a string there 130 | # - name: dummy-init 131 | # image: busybox 132 | # command: ['echo', 'hey'] 133 | 134 | extraInitContainers: [] # templates/deployment.yaml accepts either a YAML list or a string (rendered with tpl) 135 | # - name: dummy-init 136 | 137 | # Root directory where Filebeat will write data to in order to persist registry data across pod restarts (file position and other metadata). 138 | hostPathRoot: /var/lib 139 | 140 | dnsConfig: {} 141 | # options: 142 | # - name: ndots 143 | # value: "2" 144 | hostAliases: [] 145 | #- ip: "127.0.0.1" 146 | # hostnames: 147 | # - "foo.local" 148 | # - "bar.local" 149 | image: "docker.elastic.co/beats/filebeat" 150 | imageTag: "7.15.0" 151 | imagePullPolicy: "IfNotPresent" 152 | imagePullSecrets: [] 153 | 154 | livenessProbe: # polls the Beats HTTP endpoint that templates/deployment.yaml turns on with "-E http.enabled=true"; 5066 is presumably that endpoint's default port - confirm 155 | exec: 156 | command: 157 | - sh 158 | - -c 159 | - | 160 | #!/usr/bin/env bash -e 161 | curl --fail 127.0.0.1:5066 162 | failureThreshold: 3 163 | initialDelaySeconds: 10 164 | periodSeconds: 10 165 | timeoutSeconds: 5 166 | 167 | readinessProbe: # the pod is reported ready only while "filebeat test output" exits successfully 168 | exec: 169 | command: 170 | - sh 171 | - -c 172 | - | 173 | #!/usr/bin/env bash -e 174 | filebeat test output 175 | failureThreshold: 3 176 | initialDelaySeconds: 10 177 | periodSeconds: 10 178 | timeoutSeconds: 5 179 | 180 | # Whether this chart should self-manage its service account, role, and associated role binding.
181 | managedServiceAccount: true 182 | 183 | clusterRoleRules: 184 | - apiGroups: 185 | - "" 186 | resources: 187 | - namespaces 188 | - nodes 189 | - pods 190 | verbs: 191 | - get 192 | - list 193 | - watch 194 | 195 | podAnnotations: 196 | {} 197 | # iam.amazonaws.com/role: es-cluster 198 | 199 | # Custom service account override that the pod will use 200 | serviceAccount: "" 201 | 202 | # Annotations to add to the ServiceAccount that is created if the serviceAccount value isn't set. 203 | serviceAccountAnnotations: 204 | {} 205 | # eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount 206 | 207 | # How long to wait for Filebeat pods to stop gracefully 208 | terminationGracePeriod: 30 209 | # This is the PriorityClass settings as defined in 210 | # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass 211 | priorityClassName: "" 212 | 213 | updateStrategy: RollingUpdate 214 | 215 | # Override various naming aspects of this chart 216 | # Only edit these if you know what you're doing 217 | nameOverride: "" 218 | fullnameOverride: "" 219 | 220 | # DEPRECATED 221 | affinity: {} 222 | envFrom: [] 223 | extraEnvs: [] 224 | extraVolumes: [] 225 | extraVolumeMounts: [] 226 | # Allows you to add any config files in /usr/share/filebeat 227 | # such as filebeat.yml for both daemonset and deployment 228 | filebeatConfig: {} 229 | nodeSelector: {} 230 | podSecurityContext: {} 231 | resources: {} 232 | secretMounts: [] 233 | tolerations: [] 234 | labels: {} 235 | -------------------------------------------------------------------------------- /logstash/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | replicas: 1 3 | 4 | # Allows you to add any config files in /usr/share/logstash/config/ 5 | # such as logstash.yml and log4j2.properties 6 | # 7 | # Note that when overriding logstash.yml, `http.host: 0.0.0.0` should always be included 8 | # to 
make default probes work. 9 | logstashConfig: {} 10 | # logstash.yml: | 11 | # key: 12 | # nestedkey: value 13 | # log4j2.properties: | 14 | # key = value 15 | 16 | # Allows you to add any pipeline files in /usr/share/logstash/pipeline/ 17 | ### ***warn*** there is a hardcoded logstash.conf in the image, override it first. NOTE(review): the default pipeline below sends events to Elasticsearch over plain http:// with no credentials, and the beats input sets no TLS options; switch to https and read credentials from a Secret when security is enabled on the cluster 18 | logstashPipeline: 19 | logstash.conf: | 20 | input { 21 | beats { 22 | port => 5044 23 | } 24 | } 25 | output { elasticsearch { hosts => "http://elasticsearch-master:9200" } } 26 | 27 | # Allows you to add any pattern files in your custom pattern dir 28 | logstashPatternDir: "/usr/share/logstash/patterns/" 29 | logstashPattern: {} 30 | # pattern.conf: | 31 | # DPKG_VERSION [-+~<>\.0-9a-zA-Z]+ 32 | 33 | # Extra environment variables to append to this nodeGroup 34 | # This will be appended to the current 'env:' key. You can use any of the kubernetes env 35 | # syntax here 36 | extraEnvs: [] 37 | # - name: MY_ENVIRONMENT_VAR 38 | # value: the_value_goes_here 39 | 40 | # Allows you to load environment variables from kubernetes secret or config map 41 | envFrom: [] 42 | # - secretRef: 43 | # name: env-secret 44 | # - configMapRef: 45 | # name: config-map 46 | 47 | # Add sensitive data to k8s secrets. NOTE(review): anything set here lives wherever this values file is stored (and presumably in the Helm release record as well - confirm); prefer envFrom/secretMounts that reference Secrets created outside the chart 48 | secrets: [] 49 | # - name: "env" 50 | # value: 51 | # ELASTICSEARCH_PASSWORD: "LS1CRUdJTiBgUFJJVkFURSB" 52 | # api_key: ui2CsdUadTiBasRJRkl9tvNnw 53 | # - name: "tls" 54 | # value: 55 | # ca.crt: | 56 | # LS0tLS1CRUdJT0K 57 | # LS0tLS1CRUdJT0K 58 | # LS0tLS1CRUdJT0K 59 | # LS0tLS1CRUdJT0K 60 | # cert.crt: "LS0tLS1CRUdJTiBlRJRklDQVRFLS0tLS0K" 61 | # cert.key.filepath: "secrets.crt" # The path to file should be relative to the `values.yaml` file.
62 | 63 | # A list of secrets and their paths to mount inside the pod 64 | secretMounts: [] 65 | 66 | hostAliases: [] 67 | #- ip: "127.0.0.1" 68 | # hostnames: 69 | # - "foo.local" 70 | # - "bar.local" 71 | 72 | image: "docker.elastic.co/logstash/logstash" 73 | imageTag: "7.15.0" 74 | imagePullPolicy: "IfNotPresent" 75 | imagePullSecrets: [] 76 | 77 | podAnnotations: {} 78 | 79 | # additionals labels 80 | labels: {} 81 | 82 | logstashJavaOpts: "-Xmx1g -Xms1g" 83 | 84 | resources: 85 | requests: 86 | cpu: "100m" 87 | memory: "1536Mi" 88 | limits: 89 | cpu: "1000m" 90 | memory: "1536Mi" 91 | 92 | volumeClaimTemplate: 93 | accessModes: ["ReadWriteOnce"] 94 | resources: 95 | requests: 96 | storage: 1Gi 97 | 98 | rbac: 99 | create: false 100 | serviceAccountAnnotations: {} 101 | serviceAccountName: "" 102 | annotations: 103 | {} 104 | #annotation1: "value1" 105 | #annotation2: "value2" 106 | #annotation3: "value3" 107 | 108 | podSecurityPolicy: 109 | create: false 110 | name: "" 111 | spec: 112 | privileged: false 113 | fsGroup: 114 | rule: RunAsAny 115 | runAsUser: 116 | rule: RunAsAny 117 | seLinux: 118 | rule: RunAsAny 119 | supplementalGroups: 120 | rule: RunAsAny 121 | volumes: 122 | - secret 123 | - configMap 124 | - persistentVolumeClaim 125 | 126 | persistence: 127 | enabled: false 128 | annotations: {} 129 | 130 | extraVolumes: 131 | "" 132 | # - name: extras 133 | # emptyDir: {} 134 | 135 | extraVolumeMounts: 136 | "" 137 | # - name: extras 138 | # mountPath: /usr/share/extras 139 | # readOnly: true 140 | 141 | extraContainers: 142 | "" 143 | # - name: do-something 144 | # image: busybox 145 | # command: ['do', 'something'] 146 | 147 | extraInitContainers: 148 | "" 149 | # - name: do-something 150 | # image: busybox 151 | # command: ['do', 'something'] 152 | 153 | # This is the PriorityClass settings as defined in 154 | # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass 155 | priorityClassName: "" 156 | 157 | # By 
default this will make sure two pods don't end up on the same node 158 | # Changing this to a region would allow you to spread pods across regions 159 | antiAffinityTopologyKey: "kubernetes.io/hostname" 160 | 161 | # Hard means that by default pods will only be scheduled if there are enough nodes for them 162 | # and that they will never end up on the same node. Setting this to soft will do this "best effort" 163 | antiAffinity: "hard" 164 | 165 | # This is the node affinity settings as defined in 166 | # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity 167 | nodeAffinity: {} 168 | 169 | # This is inter-pod affinity settings as defined in 170 | # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity 171 | podAffinity: {} 172 | 173 | # The default is to deploy all pods serially. By setting this to parallel all pods are started at 174 | # the same time when bootstrapping the cluster 175 | podManagementPolicy: "Parallel" 176 | 177 | httpPort: 9600 178 | 179 | # Custom ports to add to logstash 180 | extraPorts: 181 | [] 182 | # - name: beats 183 | # containerPort: 5001 184 | 185 | updateStrategy: RollingUpdate 186 | 187 | # This is the max unavailable setting for the pod disruption budget 188 | # The default value of 1 will make sure that kubernetes won't allow more than 1 189 | # of your pods to be unavailable during maintenance 190 | maxUnavailable: 1 191 | 192 | podSecurityContext: 193 | fsGroup: 1000 194 | runAsUser: 1000 195 | 196 | securityContext: 197 | capabilities: 198 | drop: 199 | - ALL 200 | # readOnlyRootFilesystem: true 201 | runAsNonRoot: true 202 | runAsUser: 1000 203 | 204 | # How long to wait for logstash to stop gracefully 205 | terminationGracePeriod: 120 206 | 207 | # Probes 208 | # Default probes are using `httpGet` which requires that `http.host: 0.0.0.0` is part of 209 | # `logstash.yml`. 
If needed, probes can be disabled or overridden using the following syntax: 210 | # 211 | # disable livenessProbe 212 | # livenessProbe: null 213 | # 214 | # replace httpGet default readinessProbe by some exec probe 215 | # readinessProbe: 216 | # httpGet: null 217 | # exec: 218 | # command: 219 | # - curl 220 | # - localhost:9600 221 | 222 | livenessProbe: 223 | httpGet: 224 | path: / 225 | port: http 226 | initialDelaySeconds: 300 227 | periodSeconds: 10 228 | timeoutSeconds: 5 229 | failureThreshold: 3 230 | successThreshold: 1 231 | 232 | readinessProbe: 233 | httpGet: 234 | path: / 235 | port: http 236 | initialDelaySeconds: 60 237 | periodSeconds: 10 238 | timeoutSeconds: 5 239 | failureThreshold: 3 240 | successThreshold: 3 241 | 242 | ## Use an alternate scheduler. 243 | ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ 244 | ## 245 | schedulerName: "" 246 | 247 | nodeSelector: {} 248 | tolerations: [] 249 | 250 | nameOverride: "" 251 | fullnameOverride: "" 252 | 253 | lifecycle: 254 | {} 255 | # preStop: 256 | # exec: 257 | # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] 258 | # postStart: 259 | # exec: 260 | # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] 261 | 262 | service: 263 | annotations: {} 264 | type: ClusterIP 265 | loadBalancerIP: "" 266 | ports: 267 | - name: beats 268 | port: 5044 269 | protocol: TCP 270 | targetPort: 5044 271 | - name: http 272 | port: 8080 273 | protocol: TCP 274 | targetPort: 8080 275 | 276 | ingress: 277 | enabled: false 278 | # annotations: {} 279 | # hosts: 280 | # - host: logstash.local 281 | # paths: 282 | # - path: /logs 283 | # servicePort: 8080 284 | # tls: [] 285 | -------------------------------------------------------------------------------- /filebeat/templates/daemonset.yaml: -------------------------------------------------------------------------------- 1 | {{- if
.Values.daemonset.enabled }} 2 | --- 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: {{ template "filebeat.fullname" . }} 7 | labels: 8 | app: "{{ template "filebeat.fullname" . }}" 9 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 10 | heritage: {{ .Release.Service | quote }} 11 | release: {{ .Release.Name | quote }} 12 | {{- if .Values.daemonset.labels }} 13 | {{- range $key, $value := .Values.daemonset.labels }} 14 | {{ $key }}: {{ $value | quote }} 15 | {{- end }} 16 | {{- else }} 17 | {{- range $key, $value := .Values.labels }} 18 | {{ $key }}: {{ $value | quote }} 19 | {{- end }} 20 | {{- end }} 21 | {{- if .Values.daemonset.annotations }} 22 | annotations: 23 | {{- range $key, $value := .Values.daemonset.annotations }} 24 | {{ $key }}: {{ $value | quote }} 25 | {{- end }} 26 | {{- end }} 27 | spec: 28 | selector: 29 | matchLabels: 30 | app: "{{ template "filebeat.fullname" . }}" 31 | release: {{ .Release.Name | quote }} 32 | updateStrategy: 33 | {{- if eq .Values.updateStrategy "RollingUpdate" }} 34 | rollingUpdate: 35 | maxUnavailable: {{ .Values.daemonset.maxUnavailable }} 36 | {{- end }} 37 | type: {{ .Values.updateStrategy }} 38 | template: 39 | metadata: 40 | annotations: 41 | {{- range $key, $value := .Values.podAnnotations }} 42 | {{ $key }}: {{ $value | quote }} 43 | {{- end }} 44 | {{/* This forces a restart if the configmap has changed */}} 45 | {{- if or .Values.filebeatConfig .Values.daemonset.filebeatConfig }} 46 | configChecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} 47 | {{- end }} 48 | name: "{{ template "filebeat.fullname" . }}" 49 | labels: 50 | app: "{{ template "filebeat.fullname" . 
}}" 51 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 52 | heritage: {{ .Release.Service | quote }} 53 | release: {{ .Release.Name | quote }} 54 | {{- if .Values.daemonset.labels }} 55 | {{- range $key, $value := .Values.daemonset.labels }} 56 | {{ $key }}: {{ $value | quote }} 57 | {{- end }} 58 | {{- else }} 59 | {{- range $key, $value := .Values.labels }} 60 | {{ $key }}: {{ $value | quote }} 61 | {{- end }} 62 | {{- end }} 63 | spec: 64 | tolerations: {{ toYaml ( .Values.tolerations | default .Values.daemonset.tolerations ) | nindent 8 }} 65 | nodeSelector: {{ toYaml ( .Values.nodeSelector | default .Values.daemonset.nodeSelector ) | nindent 8 }} 66 | {{- if .Values.priorityClassName }} 67 | priorityClassName: {{ .Values.priorityClassName }} 68 | {{- end }} 69 | affinity: {{ toYaml ( .Values.affinity | default .Values.daemonset.affinity ) | nindent 8 }} 70 | serviceAccountName: {{ template "filebeat.serviceAccount" . }} 71 | terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} 72 | {{- if .Values.daemonset.hostNetworking }} 73 | hostNetwork: true 74 | dnsPolicy: ClusterFirstWithHostNet 75 | {{- end }} 76 | {{- if .Values.dnsConfig }} 77 | dnsConfig: {{ toYaml .Values.dnsConfig | nindent 8 }} 78 | {{- end }} 79 | {{- if .Values.hostAliases | default .Values.daemonset.hostAliases }} 80 | hostAliases: {{ toYaml ( .Values.hostAliases | default .Values.daemonset.hostAliases ) | nindent 8 }} 81 | {{- end }} 82 | volumes: 83 | {{- range .Values.secretMounts | default .Values.daemonset.secretMounts }} 84 | - name: {{ .name }} 85 | secret: 86 | secretName: {{ .secretName }} 87 | {{- end }} 88 | {{- if .Values.filebeatConfig }} 89 | - name: filebeat-config 90 | configMap: 91 | defaultMode: 0600 92 | name: {{ template "filebeat.fullname" . }}-config 93 | {{- else if .Values.daemonset.filebeatConfig }} 94 | - name: filebeat-config 95 | configMap: 96 | defaultMode: 0600 97 | name: {{ template "filebeat.fullname" . 
}}-daemonset-config 98 | {{- end }} 99 | - name: data 100 | hostPath: 101 | path: {{ .Values.hostPathRoot }}/{{ template "filebeat.fullname" . }}-{{ .Release.Namespace }}-data 102 | type: DirectoryOrCreate 103 | - name: varlibdockercontainers 104 | hostPath: 105 | path: /var/lib/docker/containers 106 | - name: varlog 107 | hostPath: 108 | path: /var/log 109 | - name: varrundockersock 110 | hostPath: 111 | path: /var/run/docker.sock 112 | {{- if .Values.extraVolumes | default .Values.daemonset.extraVolumes }} 113 | {{ toYaml ( .Values.extraVolumes | default .Values.daemonset.extraVolumes ) | indent 6 }} 114 | {{- end }} 115 | {{- if .Values.imagePullSecrets }} 116 | imagePullSecrets: 117 | {{ toYaml .Values.imagePullSecrets | indent 8 }} 118 | {{- end }} 119 | {{- if .Values.extraInitContainers }} 120 | initContainers: 121 | # All the other beats accept a string here while 122 | # filebeat accepts a valid yaml array. We're keeping 123 | # this as a backwards compatible change, while adding 124 | # also a way to pass a string as other templates to 125 | # make these implementations consistent. 126 | # https://github.com/elastic/helm-charts/issues/490 127 | {{- if eq "string" (printf "%T" .Values.extraInitContainers) }} 128 | {{ tpl .Values.extraInitContainers . 
| indent 8 }} 129 | {{- else }} 130 | {{ toYaml .Values.extraInitContainers | indent 8 }} 131 | {{- end }} 132 | {{- end }} 133 | containers: 134 | - name: "filebeat" 135 | image: "{{ .Values.image }}:{{ .Values.imageTag }}" 136 | imagePullPolicy: "{{ .Values.imagePullPolicy }}" 137 | args: 138 | - "-e" 139 | - "-E" 140 | - "http.enabled=true" 141 | livenessProbe: 142 | {{ toYaml .Values.livenessProbe | indent 10 }} 143 | readinessProbe: 144 | {{ toYaml .Values.readinessProbe | indent 10 }} 145 | resources: 146 | {{ toYaml ( .Values.resources | default .Values.daemonset.resources ) | indent 10 }} 147 | env: 148 | - name: POD_NAMESPACE 149 | valueFrom: 150 | fieldRef: 151 | fieldPath: metadata.namespace 152 | - name: NODE_NAME 153 | valueFrom: 154 | fieldRef: 155 | fieldPath: spec.nodeName 156 | {{- if .Values.extraEnvs | default .Values.daemonset.extraEnvs }} 157 | {{ toYaml ( .Values.extraEnvs | default .Values.daemonset.extraEnvs ) | indent 8 }} 158 | {{- end }} 159 | envFrom: {{ toYaml ( .Values.envFrom | default .Values.daemonset.envFrom ) | nindent 10 }} 160 | securityContext: {{ toYaml ( .Values.podSecurityContext | default .Values.daemonset.securityContext ) | nindent 10 }} 161 | volumeMounts: 162 | {{- range .Values.secretMounts | default .Values.daemonset.secretMounts }} 163 | - name: {{ .name }} 164 | mountPath: {{ .path }} 165 | {{- if .subPath }} 166 | subPath: {{ .subPath }} 167 | {{- end }} 168 | {{- end }} 169 | {{- range $path, $config := .Values.filebeatConfig }} 170 | - name: filebeat-config 171 | mountPath: /usr/share/filebeat/{{ $path }} 172 | readOnly: true 173 | subPath: {{ $path }} 174 | {{ else }} 175 | {{- range $path, $config := .Values.daemonset.filebeatConfig }} 176 | - name: filebeat-config 177 | mountPath: /usr/share/filebeat/{{ $path }} 178 | readOnly: true 179 | subPath: {{ $path }} 180 | {{- end }} 181 | {{- end }} 182 | - name: data 183 | mountPath: /usr/share/filebeat/data 184 | - name: varlibdockercontainers 185 | mountPath: 
/var/lib/docker/containers 186 | readOnly: true 187 | - name: varlog 188 | mountPath: /var/log 189 | readOnly: true 190 | # Necessary when using autodiscovery; avoid mounting it otherwise. NOTE(review): this template mounts the socket unconditionally, and readOnly does not stop the container from talking to the Docker API through it, so treat the filebeat pod as having node-level access 191 | # See: https://www.elastic.co/guide/en/beats/filebeat/7.15/configuration-autodiscover.html 192 | - name: varrundockersock 193 | mountPath: /var/run/docker.sock 194 | readOnly: true 195 | {{- if .Values.extraVolumeMounts | default .Values.daemonset.extraVolumeMounts }} 196 | {{ toYaml (.Values.extraVolumeMounts | default .Values.daemonset.extraVolumeMounts ) | indent 8 }} 197 | {{- end }} 198 | {{- if .Values.extraContainers }} 199 | {{ tpl .Values.extraContainers . | indent 6 }} 200 | {{- end }} 201 | {{- end }} 202 | -------------------------------------------------------------------------------- /logstash/templates/statefulset.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: StatefulSet 4 | metadata: 5 | name: {{ template "logstash.fullname" . }} 6 | labels: 7 | app: "{{ template "logstash.fullname" . }}" 8 | chart: "{{ .Chart.Name }}" 9 | heritage: {{ .Release.Service | quote }} 10 | release: {{ .Release.Name | quote }} 11 | {{- range $key, $value := .Values.labels }} 12 | {{ $key }}: {{ $value | quote }} 13 | {{- end }} 14 | spec: 15 | serviceName: {{ template "logstash.fullname" . }}-headless 16 | selector: 17 | matchLabels: 18 | app: "{{ template "logstash.fullname" . }}" 19 | release: {{ .Release.Name | quote }} 20 | replicas: {{ .Values.replicas }} 21 | podManagementPolicy: {{ .Values.podManagementPolicy }} 22 | updateStrategy: 23 | type: {{ .Values.updateStrategy }} 24 | {{- if .Values.persistence.enabled }} 25 | volumeClaimTemplates: 26 | - metadata: 27 | name: {{ template "logstash.fullname" . }} 28 | {{- with .Values.persistence.annotations }} 29 | annotations: 30 | {{ toYaml .
| indent 8 }} 31 | {{- end }} 32 | spec: 33 | {{ toYaml .Values.volumeClaimTemplate | indent 6 }} 34 | {{- end }} 35 | template: 36 | metadata: 37 | name: "{{ template "logstash.fullname" . }}" 38 | labels: 39 | app: "{{ template "logstash.fullname" . }}" 40 | chart: "{{ .Chart.Name }}" 41 | heritage: {{ .Release.Service | quote }} 42 | release: {{ .Release.Name | quote }} 43 | {{- range $key, $value := .Values.labels }} 44 | {{ $key }}: {{ $value | quote }} 45 | {{- end }} 46 | annotations: 47 | {{- range $key, $value := .Values.podAnnotations }} 48 | {{ $key }}: {{ $value | quote }} 49 | {{- end }} 50 | {{- /* This forces a restart if the configmap has changed */}} 51 | {{- if .Values.logstashConfig }} 52 | configchecksum: {{ include (print .Template.BasePath "/configmap-config.yaml") . | sha256sum | trunc 63 }} 53 | {{- end }} 54 | {{- /* This forces a restart if the configmap has changed */}} 55 | {{- if .Values.logstashPipeline }} 56 | pipelinechecksum: {{ include (print .Template.BasePath "/configmap-pipeline.yaml") . | sha256sum | trunc 63 }} 57 | {{- end }} 58 | {{- if .Values.logstashPattern }} 59 | patternchecksum: {{ include (print .Template.BasePath "/configmap-pattern.yaml") . | sha256sum | trunc 63 }} 60 | {{- end }} 61 | {{- if .Values.secrets }} 62 | secretschecksum: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum | trunc 63 }} 63 | {{- end }} 64 | spec: 65 | {{- if .Values.schedulerName }} 66 | schedulerName: "{{ .Values.schedulerName }}" 67 | {{- end }} 68 | securityContext: 69 | {{ toYaml .Values.podSecurityContext | indent 8 }} 70 | {{- if .Values.rbac.create }} 71 | serviceAccountName: "{{ template "logstash.fullname" . }}" 72 | {{- else if not (eq .Values.rbac.serviceAccountName "") }} 73 | serviceAccountName: {{ .Values.rbac.serviceAccountName | quote }} 74 | {{- end }} 75 | {{- with .Values.tolerations }} 76 | tolerations: 77 | {{ toYaml . 
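| indent 6 }} 78 | {{- end }} 79 | {{- with .Values.nodeSelector }} 80 | nodeSelector: 81 | {{ toYaml . | indent 8 }} 82 | {{- end }} 83 | {{- /* priorityClassName is rendered on its own; it used to be nested in the affinity condition and was dropped when no affinity was configured */}}{{- if .Values.priorityClassName }} 84 | priorityClassName: {{ .Values.priorityClassName }} 85 | {{- end }} 86 | {{- if or (eq .Values.antiAffinity "hard") (eq .Values.antiAffinity "soft") .Values.nodeAffinity .Values.podAffinity }} 87 | affinity: 88 | {{- end }} 89 | {{- if eq .Values.antiAffinity "hard" }} 90 | podAntiAffinity: 91 | requiredDuringSchedulingIgnoredDuringExecution: 92 | - labelSelector: 93 | matchExpressions: 94 | - key: app 95 | operator: In 96 | values: 97 | - "{{ template "logstash.fullname" .}}" 98 | topologyKey: {{ .Values.antiAffinityTopologyKey }} 99 | {{- else if eq .Values.antiAffinity "soft" }} 100 | podAntiAffinity: 101 | preferredDuringSchedulingIgnoredDuringExecution: 102 | - weight: 1 103 | podAffinityTerm: 104 | topologyKey: {{ .Values.antiAffinityTopologyKey }} 105 | labelSelector: 106 | matchExpressions: 107 | - key: app 108 | operator: In 109 | values: 110 | - "{{ template "logstash.fullname" . }}" 111 | {{- end }} 112 | {{- with .Values.nodeAffinity }} 113 | nodeAffinity: 114 | {{ toYaml . | indent 10 }} 115 | {{- end }} 116 | {{- with .Values.podAffinity }} 117 | podAffinity: 118 | {{ toYaml . | indent 10 }} 119 | {{- end }} 120 | terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} 121 | volumes: 122 | {{- range .Values.secretMounts }} 123 | - name: {{ .name }} 124 | secret: 125 | secretName: {{ .secretName }} 126 | {{- end }} 127 | {{- if .Values.logstashConfig }} 128 | - name: logstashconfig 129 | configMap: 130 | name: {{ template "logstash.fullname" . }}-config 131 | {{- end }} 132 | {{- if .Values.logstashPipeline }} 133 | - name: logstashpipeline 134 | configMap: 135 | name: {{ template "logstash.fullname" . }}-pipeline 136 | {{- end }} 137 | {{- if .Values.logstashPattern }} 138 | - name: logstashpattern 139 | configMap: 140 | name: {{ template "logstash.fullname" .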
}}-pattern 141 | {{- end }} 142 | {{- if .Values.extraVolumes }} 143 | {{ tpl .Values.extraVolumes . | indent 8 }} 144 | {{- end }} 145 | {{- if .Values.imagePullSecrets }} 146 | imagePullSecrets: 147 | {{ toYaml .Values.imagePullSecrets | indent 8 }} 148 | {{- end}} 149 | {{- if .Values.hostAliases }} 150 | hostAliases: {{ toYaml .Values.hostAliases | nindent 6 }} 151 | {{- end }} 152 | {{- if .Values.extraInitContainers }} 153 | initContainers: 154 | {{ tpl .Values.extraInitContainers . | indent 6 }} 155 | {{- end }} 156 | containers: 157 | - name: "{{ template "logstash.name" . }}" 158 | securityContext: 159 | {{ toYaml .Values.securityContext | indent 10 }} 160 | image: "{{ .Values.image }}:{{ .Values.imageTag }}" 161 | imagePullPolicy: "{{ .Values.imagePullPolicy }}" 162 | livenessProbe: 163 | {{ toYaml .Values.livenessProbe | indent 10 }} 164 | readinessProbe: 165 | {{ toYaml .Values.readinessProbe | indent 10 }} 166 | ports: 167 | - name: http 168 | containerPort: {{ .Values.httpPort }} 169 | {{- if .Values.extraPorts }} 170 | {{- toYaml .Values.extraPorts | nindent 8 }} 171 | {{- end }} 172 | resources: 173 | {{ toYaml .Values.resources | indent 10 }} 174 | env: 175 | - name: LS_JAVA_OPTS 176 | value: "{{ .Values.logstashJavaOpts }}" 177 | {{- if .Values.extraEnvs }} 178 | {{ toYaml .Values.extraEnvs | indent 10 }} 179 | {{- end }} 180 | {{- if .Values.envFrom }} 181 | envFrom: 182 | {{ toYaml .Values.envFrom | indent 10 }} 183 | {{- end }} 184 | volumeMounts: 185 | {{- if .Values.persistence.enabled }} 186 | - name: "{{ template "logstash.fullname" . 
}}" 187 | mountPath: /usr/share/logstash/data 188 | {{- end }} 189 | {{- range .Values.secretMounts }} 190 | - name: {{ .name }} 191 | mountPath: {{ .path }} 192 | {{- if .subPath }} 193 | subPath: {{ .subPath }} 194 | {{- end }} 195 | {{- end }} 196 | {{- range $path, $config := .Values.logstashConfig }} 197 | - name: logstashconfig 198 | mountPath: /usr/share/logstash/config/{{ $path }} 199 | subPath: {{ $path }} 200 | {{- end -}} 201 | {{- range $path, $config := .Values.logstashPipeline }} 202 | - name: logstashpipeline 203 | mountPath: /usr/share/logstash/pipeline/{{ $path }} 204 | subPath: {{ $path }} 205 | {{- end -}} 206 | {{- if .Values.logstashPattern }} 207 | {{- $logstashPatternDir := .Values.logstashPatternDir -}} 208 | {{- range $path, $config := .Values.logstashPattern }} 209 | - name: logstashpattern 210 | mountPath: {{ $logstashPatternDir }}{{ $path }} 211 | subPath: {{ $path }} 212 | {{- end -}} 213 | {{- end -}} 214 | {{- if .Values.extraVolumeMounts }} 215 | {{ tpl .Values.extraVolumeMounts . | indent 10 }} 216 | {{- end }} 217 | {{- if .Values.lifecycle }} 218 | lifecycle: 219 | {{ toYaml .Values.lifecycle | indent 10 }} 220 | {{- end }} 221 | {{- if .Values.extraContainers }} 222 | {{ tpl .Values.extraContainers . | indent 6 }} 223 | {{- end }} 224 | -------------------------------------------------------------------------------- /elasticsearch/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | clusterName: "elasticsearch" 3 | nodeGroup: "master" 4 | 5 | # The service that non master groups will try to connect to when joining the cluster 6 | # This should be set to clusterName + "-" + nodeGroup for your master group 7 | masterService: "" 8 | 9 | # Elasticsearch roles that will be applied to this nodeGroup 10 | # These will be set as environment variables. E.g. 
node.master=true 11 | roles: 12 | master: "true" 13 | ingest: "true" 14 | data: "true" 15 | remote_cluster_client: "true" 16 | ml: "true" 17 | 18 | replicas: 3 19 | minimumMasterNodes: 2 20 | 21 | esMajorVersion: "" 22 | 23 | # Allows you to add any config files in /usr/share/elasticsearch/config/ 24 | # such as elasticsearch.yml and log4j2.properties 25 | esConfig: {} 26 | # elasticsearch.yml: | 27 | # key: 28 | # nestedkey: value 29 | # log4j2.properties: | 30 | # key = value 31 | 32 | # Extra environment variables to append to this nodeGroup 33 | # This will be appended to the current 'env:' key. You can use any of the kubernetes env 34 | # syntax here 35 | extraEnvs: [] 36 | # - name: MY_ENVIRONMENT_VAR 37 | # value: the_value_goes_here 38 | 39 | # Allows you to load environment variables from kubernetes secret or config map 40 | envFrom: [] 41 | # - secretRef: 42 | # name: env-secret 43 | # - configMapRef: 44 | # name: config-map 45 | 46 | # A list of secrets and their paths to mount inside the pod 47 | # This is useful for mounting certificates for security and for mounting 48 | # the X-Pack license 49 | secretMounts: [] 50 | # - name: elastic-certificates 51 | # secretName: elastic-certificates 52 | # path: /usr/share/elasticsearch/config/certs 53 | # defaultMode: 0755 54 | 55 | hostAliases: [] 56 | #- ip: "127.0.0.1" 57 | # hostnames: 58 | # - "foo.local" 59 | # - "bar.local" 60 | 61 | image: "docker.elastic.co/elasticsearch/elasticsearch" 62 | imageTag: "7.15.0" 63 | imagePullPolicy: "IfNotPresent" 64 | 65 | podAnnotations: 66 | {} 67 | # iam.amazonaws.com/role: es-cluster 68 | 69 | # additionals labels 70 | labels: {} 71 | 72 | esJavaOpts: "" # example: "-Xmx1g -Xms1g" 73 | 74 | resources: 75 | limits: 76 | cpu: "1000m" 77 | memory: "2Gi" 78 | 79 | initResources: 80 | {} 81 | # limits: 82 | # cpu: "25m" 83 | # # memory: "128Mi" 84 | # requests: 85 | # cpu: "25m" 86 | # memory: "128Mi" 87 | 88 | networkHost: "0.0.0.0" 89 | 90 | volumeClaimTemplate: 91 | 
accessModes: ["ReadWriteOnce"] 92 | resources: 93 | requests: 94 | storage: 30Gi 95 | 96 | rbac: 97 | create: false 98 | serviceAccountAnnotations: {} 99 | serviceAccountName: "" 100 | 101 | podSecurityPolicy: # NOTE(review): the PodSecurityPolicy API was removed in Kubernetes 1.25; leave create: false on newer clusters 102 | create: false 103 | name: "" 104 | spec: 105 | privileged: true # NOTE(review): permits privileged pods, and every rule below is RunAsAny; presumably needed for the sysctl init container (sysctlInitContainer.enabled) - confirm, and prefer false when vm.max_map_count is set on the nodes directly 106 | fsGroup: 107 | rule: RunAsAny 108 | runAsUser: 109 | rule: RunAsAny 110 | seLinux: 111 | rule: RunAsAny 112 | supplementalGroups: 113 | rule: RunAsAny 114 | volumes: 115 | - secret 116 | - configMap 117 | - persistentVolumeClaim 118 | - emptyDir 119 | 120 | persistence: 121 | enabled: true 122 | labels: 123 | # Add default labels for the volumeClaimTemplate of the StatefulSet 124 | enabled: false 125 | annotations: {} 126 | 127 | extraVolumes: 128 | [] 129 | # - name: extras 130 | # emptyDir: {} 131 | 132 | extraVolumeMounts: 133 | [] 134 | # - name: extras 135 | # mountPath: /usr/share/extras 136 | # readOnly: true 137 | 138 | extraContainers: 139 | [] 140 | # - name: do-something 141 | # image: busybox 142 | # command: ['do', 'something'] 143 | 144 | extraInitContainers: 145 | [] 146 | # - name: do-something 147 | # image: busybox 148 | # command: ['do', 'something'] 149 | 150 | # This is the PriorityClass settings as defined in 151 | # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass 152 | priorityClassName: "" 153 | 154 | # By default this will make sure two pods don't end up on the same node 155 | # Changing this to a region would allow you to spread pods across regions 156 | antiAffinityTopologyKey: "kubernetes.io/hostname" 157 | 158 | # Hard means that by default pods will only be scheduled if there are enough nodes for them 159 | # and that they will never end up on the same node.
Setting this to soft will do this "best effort" 160 | antiAffinity: "soft" 161 | 162 | # This is the node affinity settings as defined in 163 | # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature 164 | nodeAffinity: {} 165 | 166 | # The default is to deploy all pods serially. By setting this to parallel all pods are started at 167 | # the same time when bootstrapping the cluster 168 | podManagementPolicy: "Parallel" 169 | 170 | # The environment variables injected by service links are not used, but can lead to slow Elasticsearch boot times when 171 | # there are many services in the current namespace. 172 | # If you experience slow pod startups you probably want to set this to `false`. 173 | enableServiceLinks: true 174 | 175 | protocol: http 176 | httpPort: 9200 177 | transportPort: 9300 178 | 179 | service: 180 | enabled: true 181 | labels: {} 182 | labelsHeadless: {} 183 | type: ClusterIP 184 | nodePort: "" 185 | annotations: {} 186 | httpPortName: http 187 | transportPortName: transport 188 | loadBalancerIP: "" 189 | loadBalancerSourceRanges: [] 190 | externalTrafficPolicy: "" 191 | 192 | updateStrategy: RollingUpdate 193 | 194 | # This is the max unavailable setting for the pod disruption budget 195 | # The default value of 1 will make sure that kubernetes won't allow more than 1 196 | # of your pods to be unavailable during maintenance 197 | maxUnavailable: 1 198 | 199 | podSecurityContext: 200 | fsGroup: 1000 201 | runAsUser: 1000 202 | 203 | securityContext: 204 | capabilities: 205 | drop: 206 | - ALL 207 | # readOnlyRootFilesystem: true 208 | runAsNonRoot: true 209 | runAsUser: 1000 210 | 211 | # How long to wait for elasticsearch to stop gracefully 212 | terminationGracePeriod: 120 213 | 214 | sysctlVmMaxMapCount: 262144 215 | 216 | readinessProbe: 217 | failureThreshold: 3 218 | initialDelaySeconds: 10 219 | periodSeconds: 10 220 | successThreshold: 3 221 | timeoutSeconds: 5 222 | 223 | # 
https://www.elastic.co/guide/en/elasticsearch/reference/7.15/cluster-health.html#request-params wait_for_status 224 | clusterHealthCheckParams: "wait_for_status=green&timeout=1s" 225 | 226 | ## Use an alternate scheduler. 227 | ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ 228 | ## 229 | schedulerName: "" 230 | 231 | imagePullSecrets: [] 232 | nodeSelector: {} 233 | tolerations: [] 234 | 235 | # Enabling this will publicly expose your Elasticsearch instance. 236 | # Only enable this if you have security enabled on your cluster. NOTE(review): the defaults in this file are `protocol: http` and an empty `tls: []` below, so turn on authentication and TLS before setting enabled to true 237 | ingress: 238 | enabled: false 239 | annotations: 240 | {} 241 | # kubernetes.io/ingress.class: nginx 242 | # kubernetes.io/tls-acme: "true" 243 | hosts: 244 | - host: chart-example.local 245 | paths: 246 | - path: / 247 | tls: [] 248 | # - secretName: chart-example-tls 249 | # hosts: 250 | # - chart-example.local 251 | 252 | nameOverride: "" 253 | fullnameOverride: "" 254 | healthNameOverride: "" 255 | 256 | lifecycle: 257 | {} 258 | # preStop: 259 | # exec: 260 | # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] 261 | # postStart: 262 | # exec: 263 | # command: 264 | # - bash 265 | # - -c 266 | # - | 267 | # #!/bin/bash 268 | # # Add a template to adjust number of shards/replicas 269 | # TEMPLATE_NAME=my_template 270 | # INDEX_PATTERN="logstash-*" 271 | # SHARD_COUNT=8 272 | # REPLICA_COUNT=1 273 | # ES_URL=http://localhost:9200 274 | # while [[ "$(curl -s -o /dev/null -w '%{http_code}\n' $ES_URL)" != "200" ]]; do sleep 1; done 275 | # curl -XPUT "$ES_URL/_template/$TEMPLATE_NAME" -H 'Content-Type: application/json' -d'{"index_patterns":['\""$INDEX_PATTERN"\"'],"settings":{"number_of_shards":'$SHARD_COUNT',"number_of_replicas":'$REPLICA_COUNT'}}' 276 | 277 | sysctlInitContainer: 278 | enabled: true 279 | 280 | keystore: [] 281 | 282 | networkPolicy: 283 | ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
284 | ## In order for a Pod to access Elasticsearch, it needs to have the following label: 285 | ## {{ template "uname" . }}-client: "true" 286 | ## Example for default configuration to access HTTP port: 287 | ## elasticsearch-master-http-client: "true" 288 | ## Example for default configuration to access transport port: 289 | ## elasticsearch-master-transport-client: "true" 290 | 291 | http: 292 | enabled: false # NOTE(review): off by default; presumably no NetworkPolicy is created for the HTTP port until this is true - confirm in templates/networkpolicy.yaml 293 | ## If explicitNamespacesSelector is not set or set to {}, only client Pods being in the networkPolicy's namespace 294 | ## and matching all criteria can reach the DB. 295 | ## But sometimes, we want the Pods to be accessible to clients from other namespaces, in this case, we can use this 296 | ## parameter to select these namespaces 297 | ## 298 | # explicitNamespacesSelector: 299 | # # Accept from namespaces with all those different rules (only from whitelisted Pods) 300 | # matchLabels: 301 | # role: frontend 302 | # matchExpressions: 303 | # - {key: role, operator: In, values: [frontend]} 304 | ## Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed. 305 | ## 306 | # additionalRules: 307 | # - podSelector: 308 | # matchLabels: 309 | # role: frontend 310 | # - podSelector: 311 | # matchExpressions: 312 | # - key: role 313 | # operator: In 314 | # values: 315 | # - frontend 316 | 317 | transport: 318 | ## Note that all Elasticsearch Pods can talk to each other using the transport port even if this is enabled.
319 | enabled: false 320 | # explicitNamespacesSelector: 321 | # matchLabels: 322 | # role: frontend 323 | # matchExpressions: 324 | # - {key: role, operator: In, values: [frontend]} 325 | # additionalRules: 326 | # - podSelector: 327 | # matchLabels: 328 | # role: frontend 329 | # - podSelector: 330 | # matchExpressions: 331 | # - key: role 332 | # operator: In 333 | # values: 334 | # - frontend 335 | 336 | tests: 337 | enabled: true 338 | 339 | # Deprecated 340 | # please use the above podSecurityContext.fsGroup instead 341 | fsGroup: "" 342 | -------------------------------------------------------------------------------- /elasticsearch/templates/statefulset.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: StatefulSet 4 | metadata: 5 | name: {{ template "elasticsearch.uname" . }} 6 | labels: 7 | heritage: {{ .Release.Service | quote }} 8 | release: {{ .Release.Name | quote }} 9 | chart: "{{ .Chart.Name }}" 10 | app: "{{ template "elasticsearch.uname" . }}" 11 | {{- range $key, $value := .Values.labels }} 12 | {{ $key }}: {{ $value | quote }} 13 | {{- end }} 14 | annotations: 15 | esMajorVersion: "{{ include "elasticsearch.esMajorVersion" . }}" 16 | spec: 17 | serviceName: {{ template "elasticsearch.uname" . }}-headless 18 | selector: 19 | matchLabels: 20 | app: "{{ template "elasticsearch.uname" . }}" 21 | replicas: {{ .Values.replicas }} 22 | podManagementPolicy: {{ .Values.podManagementPolicy }} 23 | updateStrategy: 24 | type: {{ .Values.updateStrategy }} 25 | {{- if .Values.persistence.enabled }} 26 | volumeClaimTemplates: 27 | - metadata: 28 | name: {{ template "elasticsearch.uname" . }} 29 | {{- if .Values.persistence.labels.enabled }} 30 | labels: 31 | release: {{ .Release.Name | quote }} 32 | chart: "{{ .Chart.Name }}" 33 | app: "{{ template "elasticsearch.uname" . 
}}" 34 | {{- range $key, $value := .Values.labels }} 35 | {{ $key }}: {{ $value | quote }} 36 | {{- end }} 37 | {{- end }} 38 | {{- with .Values.persistence.annotations }} 39 | annotations: 40 | {{ toYaml . | indent 8 }} 41 | {{- end }} 42 | spec: 43 | {{ toYaml .Values.volumeClaimTemplate | indent 6 }} 44 | {{- end }} 45 | template: 46 | metadata: 47 | name: "{{ template "elasticsearch.uname" . }}" 48 | labels: 49 | release: {{ .Release.Name | quote }} 50 | chart: "{{ .Chart.Name }}" 51 | app: "{{ template "elasticsearch.uname" . }}" 52 | {{- range $key, $value := .Values.labels }} 53 | {{ $key }}: {{ $value | quote }} 54 | {{- end }} 55 | annotations: 56 | {{- range $key, $value := .Values.podAnnotations }} 57 | {{ $key }}: {{ $value | quote }} 58 | {{- end }} 59 | {{/* This forces a restart if the configmap has changed */}} 60 | {{- if .Values.esConfig }} 61 | configchecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} 62 | {{- end }} 63 | spec: 64 | {{- if .Values.schedulerName }} 65 | schedulerName: "{{ .Values.schedulerName }}" 66 | {{- end }} 67 | securityContext: 68 | {{ toYaml .Values.podSecurityContext | indent 8 }} 69 | {{- if .Values.fsGroup }} 70 | fsGroup: {{ .Values.fsGroup }} # Deprecated value, please use .Values.podSecurityContext.fsGroup 71 | {{- end }} 72 | {{- if .Values.rbac.create }} 73 | serviceAccountName: "{{ template "elasticsearch.uname" . }}" 74 | {{- else if not (eq .Values.rbac.serviceAccountName "") }} 75 | serviceAccountName: {{ .Values.rbac.serviceAccountName | quote }} 76 | {{- end }} 77 | {{- with .Values.tolerations }} 78 | tolerations: 79 | {{ toYaml . | indent 6 }} 80 | {{- end }} 81 | {{- with .Values.nodeSelector }} 82 | nodeSelector: 83 | {{ toYaml . 
| indent 8 }} 84 | {{- end }} 85 | {{- if or (eq .Values.antiAffinity "hard") (eq .Values.antiAffinity "soft") .Values.nodeAffinity }} 86 | {{- if .Values.priorityClassName }} 87 | priorityClassName: {{ .Values.priorityClassName }} # NOTE(review): nested inside the affinity condition above, so this is only rendered when antiAffinity is "hard"/"soft" or nodeAffinity is set 88 | {{- end }} 89 | affinity: 90 | {{- end }} 91 | {{- if eq .Values.antiAffinity "hard" }} 92 | podAntiAffinity: 93 | requiredDuringSchedulingIgnoredDuringExecution: 94 | - labelSelector: 95 | matchExpressions: 96 | - key: app 97 | operator: In 98 | values: 99 | - "{{ template "elasticsearch.uname" .}}" 100 | topologyKey: {{ .Values.antiAffinityTopologyKey }} 101 | {{- else if eq .Values.antiAffinity "soft" }} 102 | podAntiAffinity: 103 | preferredDuringSchedulingIgnoredDuringExecution: 104 | - weight: 1 105 | podAffinityTerm: 106 | topologyKey: {{ .Values.antiAffinityTopologyKey }} 107 | labelSelector: 108 | matchExpressions: 109 | - key: app 110 | operator: In 111 | values: 112 | - "{{ template "elasticsearch.uname" . }}" 113 | {{- end }} 114 | {{- with .Values.nodeAffinity }} 115 | nodeAffinity: 116 | {{ toYaml . | indent 10 }} 117 | {{- end }} 118 | terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} 119 | volumes: 120 | {{- range .Values.secretMounts }} 121 | - name: {{ .name }} 122 | secret: 123 | secretName: {{ .secretName }} 124 | {{- if .defaultMode }} 125 | defaultMode: {{ .defaultMode }} 126 | {{- end }} 127 | {{- end }} 128 | {{- if .Values.esConfig }} 129 | - name: esconfig 130 | configMap: 131 | name: {{ template "elasticsearch.uname" . }}-config 132 | {{- end }} 133 | {{- if .Values.keystore }} 134 | - name: keystore 135 | emptyDir: {} 136 | {{- range .Values.keystore }} 137 | - name: keystore-{{ .secretName }} 138 | secret: {{ toYaml . | nindent 12 }} 139 | {{- end }} 140 | {{ end }} 141 | {{- if .Values.extraVolumes }} 142 | # Currently some extra blocks accept strings 143 | # to continue with backwards compatibility this is being kept 144 | # whilst also allowing for yaml to be specified too.
145 | {{- if eq "string" (printf "%T" .Values.extraVolumes) }} 146 | {{ tpl .Values.extraVolumes . | indent 8 }} 147 | {{- else }} 148 | {{ toYaml .Values.extraVolumes | indent 8 }} 149 | {{- end }} 150 | {{- end }} 151 | {{- if .Values.imagePullSecrets }} 152 | imagePullSecrets: 153 | {{ toYaml .Values.imagePullSecrets | indent 8 }} 154 | {{- end }} 155 | enableServiceLinks: {{ .Values.enableServiceLinks }} 156 | {{- if .Values.hostAliases }} 157 | hostAliases: {{ toYaml .Values.hostAliases | nindent 8 }} 158 | {{- end }} 159 | {{- if or (.Values.extraInitContainers) (.Values.sysctlInitContainer.enabled) (.Values.keystore) }} 160 | initContainers: 161 | {{- if .Values.sysctlInitContainer.enabled }} 162 | - name: configure-sysctl 163 | securityContext: 164 | runAsUser: 0 165 | privileged: true # root + privileged for the sysctl write below; vm.max_map_count is a node-wide kernel setting, so this changes the host, not just the pod. Set sysctlInitContainer.enabled to false to omit this container when nodes are already configured. 166 | image: "{{ .Values.image }}:{{ .Values.imageTag }}" 167 | imagePullPolicy: "{{ .Values.imagePullPolicy }}" 168 | command: ["sysctl", "-w", "vm.max_map_count={{ .Values.sysctlVmMaxMapCount}}"] 169 | resources: 170 | {{ toYaml .Values.initResources | indent 10 }} 171 | {{- end }} 172 | {{ if .Values.keystore }} 173 | - name: keystore 174 | image: "{{ .Values.image }}:{{ .Values.imageTag }}" 175 | imagePullPolicy: "{{ .Values.imagePullPolicy }}" 176 | command: 177 | - sh 178 | - -c 179 | - | 180 | #!/usr/bin/env bash 181 | set -euo pipefail 182 | 183 | elasticsearch-keystore create 184 | 185 | for i in /tmp/keystoreSecrets/*/*; do # every file under the mounted keystore secrets becomes a keystore entry named after the file 186 | key=$(basename $i) 187 | echo "Adding file $i to keystore key $key" 188 | elasticsearch-keystore add-file "$key" "$i" 189 | done 190 | 191 | # Add the bootstrap password since otherwise the Elasticsearch entrypoint tries to do this on startup 192 | if [ !
-z ${ELASTIC_PASSWORD+x} ]; then 193 | echo 'Adding env $ELASTIC_PASSWORD to keystore as key bootstrap.password' 194 | echo "$ELASTIC_PASSWORD" | elasticsearch-keystore add -x bootstrap.password 195 | fi 196 | 197 | cp -a /usr/share/elasticsearch/config/elasticsearch.keystore /tmp/keystore/ 198 | env: {{ toYaml .Values.extraEnvs | nindent 10 }} 199 | envFrom: {{ toYaml .Values.envFrom | nindent 10 }} 200 | resources: {{ toYaml .Values.initResources | nindent 10 }} 201 | volumeMounts: 202 | - name: keystore 203 | mountPath: /tmp/keystore 204 | {{- range .Values.keystore }} 205 | - name: keystore-{{ .secretName }} 206 | mountPath: /tmp/keystoreSecrets/{{ .secretName }} 207 | {{- end }} 208 | {{ end }} 209 | {{- if .Values.extraInitContainers }} 210 | # Currently some extra blocks accept strings 211 | # to continue with backwards compatibility this is being kept 212 | # whilst also allowing for yaml to be specified too. 213 | {{- if eq "string" (printf "%T" .Values.extraInitContainers) }} 214 | {{ tpl .Values.extraInitContainers . | indent 6 }} 215 | {{- else }} 216 | {{ toYaml .Values.extraInitContainers | indent 6 }} 217 | {{- end }} 218 | {{- end }} 219 | {{- end }} 220 | containers: 221 | - name: "{{ template "elasticsearch.name" . 
}}" 222 | securityContext: 223 | {{ toYaml .Values.securityContext | indent 10 }} 224 | image: "{{ .Values.image }}:{{ .Values.imageTag }}" 225 | imagePullPolicy: "{{ .Values.imagePullPolicy }}" 226 | readinessProbe: 227 | exec: 228 | command: 229 | - sh 230 | - -c 231 | - | 232 | #!/usr/bin/env bash -e 233 | # If the node is starting up wait for the cluster to be ready (request params: "{{ .Values.clusterHealthCheckParams }}" ) 234 | # Once it has started only check that the node itself is responding 235 | START_FILE=/tmp/.es_start_file 236 | 237 | # Disable nss cache to avoid filling dentry cache when calling curl 238 | # This is required with Elasticsearch Docker using nss < 3.52 239 | export NSS_SDB_USE_CACHE=no 240 | 241 | http () { 242 | local path="${1}" 243 | local args="${2}" 244 | set -- -XGET -s 245 | 246 | if [ "$args" != "" ]; then 247 | set -- "$@" $args # $args is unquoted, so it word-splits into separate curl options (e.g. "-w %{http_code}" becomes two arguments) 248 | fi 249 | 250 | if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then 251 | set -- "$@" -u "${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}" # basic auth is added only when both variables are non-empty; the pair is passed as a curl command-line argument 252 | fi 253 | 254 | curl --output /dev/null -k "$@" "{{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}${path}" # -k disables TLS certificate verification; the request always targets 127.0.0.1 255 | } 256 | 257 | if [ -f "${START_FILE}" ]; then 258 | echo 'Elasticsearch is already running, lets check the node is healthy' 259 | HTTP_CODE=$(http "/" "-w %{http_code}") 260 | RC=$? 261 | if [[ ${RC} -ne 0 ]]; then 262 | echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}/ failed with RC ${RC}" 263 | exit ${RC} 264 | fi 265 | # ready if HTTP code 200, 503 is tolerable if ES version is 6.x 266 | if [[ ${HTTP_CODE} == "200" ]]; then 267 | exit 0 268 | elif [[ ${HTTP_CODE} == "503" && "{{ include "elasticsearch.esMajorVersion" .
}}" == "6" ]]; then 269 | exit 0 270 | else 271 | echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}/ failed with HTTP code ${HTTP_CODE}" 272 | exit 1 273 | fi 274 | 275 | else 276 | echo 'Waiting for elasticsearch cluster to become ready (request params: "{{ .Values.clusterHealthCheckParams }}" )' 277 | if http "/_cluster/health?{{ .Values.clusterHealthCheckParams }}" "--fail" ; then 278 | touch ${START_FILE} 279 | exit 0 280 | else 281 | echo 'Cluster is not yet ready (request params: "{{ .Values.clusterHealthCheckParams }}" )' 282 | exit 1 283 | fi 284 | fi 285 | {{ toYaml .Values.readinessProbe | indent 10 }} 286 | ports: 287 | - name: http 288 | containerPort: {{ .Values.httpPort }} 289 | - name: transport 290 | containerPort: {{ .Values.transportPort }} 291 | resources: 292 | {{ toYaml .Values.resources | indent 10 }} 293 | env: 294 | - name: node.name 295 | valueFrom: 296 | fieldRef: 297 | fieldPath: metadata.name 298 | {{- if eq .Values.roles.master "true" }} 299 | {{- if ge (int (include "elasticsearch.esMajorVersion" .)) 7 }} 300 | - name: cluster.initial_master_nodes 301 | value: "{{ template "elasticsearch.endpoints" . }}" 302 | {{- else }} 303 | - name: discovery.zen.minimum_master_nodes 304 | value: "{{ .Values.minimumMasterNodes }}" 305 | {{- end }} 306 | {{- end }} 307 | {{- if lt (int (include "elasticsearch.esMajorVersion" .)) 7 }} 308 | - name: discovery.zen.ping.unicast.hosts 309 | value: "{{ template "elasticsearch.masterService" . }}-headless" 310 | {{- else }} 311 | - name: discovery.seed_hosts 312 | value: "{{ template "elasticsearch.masterService" . 
}}-headless" 313 | {{- end }} 314 | - name: cluster.name 315 | value: "{{ .Values.clusterName }}" 316 | - name: network.host 317 | value: "{{ .Values.networkHost }}" 318 | {{- if .Values.esJavaOpts }} 319 | - name: ES_JAVA_OPTS 320 | value: "{{ .Values.esJavaOpts }}" 321 | {{- end }} 322 | {{- range $role, $enabled := .Values.roles }} 323 | - name: node.{{ $role }} 324 | value: "{{ $enabled }}" 325 | {{- end }} 326 | {{- if .Values.extraEnvs }} 327 | {{ toYaml .Values.extraEnvs | indent 10 }} 328 | {{- end }} 329 | {{- if .Values.envFrom }} 330 | envFrom: 331 | {{ toYaml .Values.envFrom | indent 10 }} 332 | {{- end }} 333 | volumeMounts: 334 | {{- if .Values.persistence.enabled }} 335 | - name: "{{ template "elasticsearch.uname" . }}" 336 | mountPath: /usr/share/elasticsearch/data 337 | {{- end }} 338 | {{ if .Values.keystore }} 339 | - name: keystore 340 | mountPath: /usr/share/elasticsearch/config/elasticsearch.keystore 341 | subPath: elasticsearch.keystore 342 | {{ end }} 343 | {{- range .Values.secretMounts }} 344 | - name: {{ .name }} 345 | mountPath: {{ .path }} 346 | {{- if .subPath }} 347 | subPath: {{ .subPath }} 348 | {{- end }} 349 | {{- end }} 350 | {{- range $path, $config := .Values.esConfig }} 351 | - name: esconfig 352 | mountPath: /usr/share/elasticsearch/config/{{ $path }} 353 | subPath: {{ $path }} 354 | {{- end -}} 355 | {{- if .Values.extraVolumeMounts }} 356 | # Currently some extra blocks accept strings 357 | # to continue with backwards compatibility this is being kept 358 | # whilst also allowing for yaml to be specified too. 359 | {{- if eq "string" (printf "%T" .Values.extraVolumeMounts) }} 360 | {{ tpl .Values.extraVolumeMounts . 
| indent 10 }} 361 | {{- else }} 362 | {{ toYaml .Values.extraVolumeMounts | indent 10 }} 363 | {{- end }} 364 | {{- end }} 365 | {{- if .Values.lifecycle }} 366 | lifecycle: 367 | {{ toYaml .Values.lifecycle | indent 10 }} 368 | {{- end }} 369 | {{- if .Values.extraContainers }} 370 | # Currently some extra blocks accept strings 371 | # to continue with backwards compatibility this is being kept 372 | # whilst also allowing for yaml to be specified too. 373 | {{- if eq "string" (printf "%T" .Values.extraContainers) }} 374 | {{ tpl .Values.extraContainers . | indent 6 }} 375 | {{- else }} 376 | {{ toYaml .Values.extraContainers | indent 6 }} 377 | {{- end }} 378 | {{- end }} 379 | --------------------------------------------------------------------------------