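---
# Log shipping stack managed by the ECK operator: a Filebeat DaemonSet, the
# RBAC it needs for Kubernetes autodiscover, a three-node Elasticsearch
# cluster, Kibana, and the Traefik ingress that publishes Kibana.
#
# NOTE(review): the nesting below was rebuilt from a whitespace-collapsed
# listing using the Kubernetes/ECK schemas; confirm it against the deployed
# manifest, in particular that `processors` sits at the `config` level.
apiVersion: beat.k8s.elastic.co/v1beta1
kind: Beat
metadata:
  name: filebeat
spec:
  type: filebeat
  version: 8.3.1
  elasticsearchRef:
    name: elasticsearch
  kibanaRef:
    name: kibana
  config:
    filebeat:
      autodiscover:
        providers:
          # One provider per node: NODE_NAME is injected from spec.nodeName
          # in the pod template below.
          - type: kubernetes
            node: ${NODE_NAME}
            hints:
              enabled: true
              default_config:
                type: container
                paths:
                  - /var/log/containers/*${data.kubernetes.container.id}.log
    processors:
      - drop_fields:
          fields:
            - stream
            - target
            - host
          ignore_missing: true
      # Flatten the Kubernetes metadata that is kept into short top-level
      # fields.
      - rename:
          fields:
            - from: "kubernetes.node.name"
              to: "host"
            - from: "kubernetes.pod.name"
              to: "pod"
            - from: "kubernetes.labels.app"
              to: "app"
            - from: "kubernetes.namespace"
              to: "namespace"
          ignore_missing: true
      # NOTE(review): `host` is listed here again, which removes the node name
      # that the rename above has just written to `host`. Left as-is because
      # it changes the indexed document shape; confirm whether the node name
      # is meant to survive.
      - drop_fields:
          fields:
            - input
            - agent
            - container
            - ecs
            - host
            - kubernetes
            - log
            - "@metadata"
          ignore_missing: true
      # target: "" places decoded keys at the event root. Those keys come from
      # application log lines, so any root field not set by the rename above
      # is workload-controlled and should not be used for attribution.
      - decode_json_fields:
          fields:
            - message
          max_depth: 2
          expand_keys: true
          target: ""
          add_error_key: true
  daemonSet:
    podTemplate:
      spec:
        # The token is needed for the autodiscover provider to query the API
        # with the read-only ClusterRole defined below.
        serviceAccountName: filebeat
        automountServiceAccountToken: true
        terminationGracePeriodSeconds: 30
        dnsPolicy: ClusterFirstWithHostNet
        # NOTE(review): the processors above drop `host` and `agent`, so the
        # host metadata this is meant to enrich does not appear to reach the
        # index; confirm host networking is still required.
        hostNetwork: true  # Allows to provide richer host metadata
        containers:
          - name: filebeat
            securityContext:
              # Runs as root; presumably required to read the node's
              # container log files - verify before tightening.
              runAsUser: 0
            # Filebeat only tails these host directories, so they are mounted
            # read-only: a root container on the host network should not be
            # able to alter or delete node log files.
            volumeMounts:
              - name: varlogcontainers
                mountPath: /var/log/containers
                readOnly: true
              - name: varlogpods
                mountPath: /var/log/pods
                readOnly: true
              - name: varlibdockercontainers
                mountPath: /var/lib/docker/containers
                readOnly: true
            env:
              - name: NODE_NAME
                valueFrom:
                  fieldRef:
                    fieldPath: spec.nodeName
        volumes:
          - name: varlogcontainers
            hostPath:
              path: /var/log/containers
          - name: varlogpods
            hostPath:
              path: /var/log/pods
          - name: varlibdockercontainers
            hostPath:
              path: /var/lib/docker/containers
        # Tolerate every NoExecute/NoSchedule taint so that logs are collected
        # from all nodes.
        tolerations:
          - operator: "Exists"
            effect: "NoExecute"
          - operator: "Exists"
            effect: "NoSchedule"
---
# Read-only access to the objects the Kubernetes autodiscover provider
# watches.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: filebeat
rules:
  - apiGroups:
      - ""
    resources:
      - namespaces
      - pods
      - nodes
    verbs:
      - get
      - watch
      - list
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: filebeat
  namespace: elastic-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: filebeat
subjects:
  - kind: ServiceAccount
    name: filebeat
    namespace: elastic-system
roleRef:
  kind: ClusterRole
  name: filebeat
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elasticsearch
spec:
  version: 8.3.1
  nodeSets:
    - name: default
      count: 3
      config:
        node.store.allow_mmap: false
        # NOTE(review): unauthenticated requests are mapped to the built-in
        # superuser role, and http.tls below is switched off, so every client
        # that can reach the Elasticsearch HTTP service has full control of
        # the cluster over plaintext. Left unchanged because the consumers of
        # the anonymous role are not visible here. Prefer removing this stanza
        # or binding it to a narrowly scoped read-only role, and limit access
        # to the service with a NetworkPolicy.
        xpack.security.authc:
          anonymous:
            username: anonymous
            roles: superuser
            authz_exception: false
      volumeClaimTemplates:
        - metadata:
            name: elasticsearch-data
          spec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 5Gi
            storageClassName: local-path
  http:
    tls:
      # Disables TLS on the Elasticsearch HTTP layer: traffic from Filebeat
      # and Kibana to Elasticsearch is unencrypted inside the cluster.
      selfSignedCertificate:
        disabled: true
---
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: kibana
spec:
  version: 8.3.1
  count: 2
  elasticsearchRef:
    name: elasticsearch
  http:
    tls:
      # Kibana serves plain HTTP; TLS for users is terminated by the ingress
      # below.
      selfSignedCertificate:
        disabled: true
  config:
    server.publicBaseUrl: https://kibana.k-space.ee
    # OIDC realm settings, currently disabled:
    # xpack.security.authc.realms.oidc.my_oidc:
    #   order: 1
    #   rp.client_id: "kibana"
    #   rp.response_type: code
    #   rp.redirect_uri: "https://kibana.k-space.ee/api/security/v1/oidc"
    #   op.issuer: "https://auth.k-space.ee"
    #   op.authorization_endpoint: "https://auth.k-space.ee/api/oidc/authorization"
    #   op.token_endpoint: "https://auth.k-space.ee/api/oidc/token"
    #   op.jwkset_path: "https://auth.k-space.ee/jwks.json"
    #   op.userinfo_endpoint: "https://auth.k-space.ee/api/oidc/userinfo"
    #   rp.post_logout_redirect_uri: "https://kibana.k-space.ee/logged_out"
    #   claims.principal: preferred_username
---
# Publishes Kibana through Traefik. With the OIDC realm above disabled, the
# traefik-sso middleware is the access control visible in this file for this
# route; it applies only to traffic entering through this ingress, not to
# in-cluster clients of the kibana-kb-http Service.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kibana
  annotations:
    kubernetes.io/ingress.class: traefik
    cert-manager.io/cluster-issuer: default
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
    traefik.ingress.kubernetes.io/router.tls: "true"
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
spec:
  rules:
    - host: kibana.k-space.ee
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: kibana-kb-http
                port:
                  number: 5601
  tls:
    - hosts:
        - kibana.k-space.ee
      secretName: kibana-tls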