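---
# Three-member MongoDB replica set managed by the MongoDB Community operator.
apiVersion: mongodbcommunity.mongodb.com/v1
kind: MongoDBCommunity
metadata:
  name: mongodb
spec:
  additionalMongodConfig:
    systemLog:
      # Quiet mode drops connection accepted/closed events (among others)
      # from the mongod log, which leaves less to audit database access with.
      quiet: true
  members: 3
  type: ReplicaSet
  # NOTE(review): confirm this release line still receives security fixes.
  version: "5.0.13"
  security:
    # SCRAM password authentication only. No tls block is set here, so this
    # resource does not enable TLS for client or replica traffic.
    authentication:
      modes: ["SCRAM"]
  users:
    # Passwords are referenced from Secrets, not written inline. Each user is
    # scoped to the application database with a single role.
    - name: readwrite
      db: application
      passwordSecretRef:
        name: mongodb-application-readwrite-password
      roles:
        - name: readWrite
          db: application
      scramCredentialsSecretName: mongodb-application-readwrite
    - name: readonly
      db: application
      passwordSecretRef:
        name: mongodb-application-readonly-password
      roles:
        - name: readOnly
          db: application
      scramCredentialsSecretName: mongodb-application-readonly
  # Overrides merged into the StatefulSet the operator generates.
  statefulSet:
    spec:
      # NOTE(review): logLevel is not a StatefulSetSpec field; confirm the
      # operator actually reads it at this path.
      logLevel: WARN
      template:
        spec:
          containers:
            - name: mongod
              resources:
                requests:
                  cpu: 100m
                  memory: 2Gi
                limits:
                  cpu: 2000m
                  memory: 2Gi
            - name: mongodb-agent
              resources:
                requests:
                  cpu: 1m
                  memory: 100Mi
                # Explicitly empty: the agent container has no limits.
                limits: {}
          # Hard anti-affinity: at most one replica per node.
          affinity:
            podAntiAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                - labelSelector:
                    matchExpressions:
                      - key: app
                        operator: In
                        values:
                          - mongodb-svc
                  topologyKey: kubernetes.io/hostname
          # Pin replicas to nodes labelled and tainted dedicated=monitoring.
          nodeSelector:
            dedicated: monitoring
          tolerations:
            - key: dedicated
              operator: Equal
              value: monitoring
              effect: NoSchedule
      volumeClaimTemplates:
        - metadata:
            name: logs-volume
          spec:
            storageClassName: local-path
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 512Mi
        - metadata:
            name: data-volume
          spec:
            storageClassName: local-path
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 2Gi
---
# Per-node log collector: mounts host log directories read-only and is handed
# the MongoDB connection string of the readwrite user.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: log-shipper
spec:
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 50%
  selector:
    matchLabels:
      app: log-shipper
  template:
    metadata:
      labels:
        app: log-shipper
    spec:
      serviceAccountName: log-shipper
      containers:
        - name: log-shipper
          # No tag or digest: this resolves to :latest, so the code running
          # on every node changes whenever the registry tag moves. Pin to a
          # digest to make rollouts reproducible and reviewable.
          image: harbor.k-space.ee/k-space/log-shipper
          securityContext:
            # Runs as root, presumably to read root-owned host log files.
            # NOTE(review): nothing else is restricted here; consider
            # allowPrivilegeEscalation: false, readOnlyRootFilesystem: true
            # and a reduced capability set once verified against the image.
            runAsUser: 0
          env:
            - name: MY_POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # Presumably the operator-generated connection string for the
            # readwrite user, which would embed its password; as an env var
            # it is visible to anything that can inspect the process
            # environment. TODO confirm.
            - name: MONGODB_HOST
              valueFrom:
                secretKeyRef:
                  name: mongodb-application-readwrite
                  key: connectionString.standard
          ports:
            - containerPort: 8000
              name: metrics
          resources:
            limits:
              memory: 200Mi
            requests:
              cpu: 100m
              memory: 100Mi
          # All host paths are mounted read-only. /var/log still exposes the
          # logs of every workload on the node to this container.
          volumeMounts:
            - name: etcmachineid
              mountPath: /etc/machine-id
              readOnly: true
            - name: varlibdockercontainers
              mountPath: /var/lib/docker/containers
              readOnly: true
            - name: varlog
              mountPath: /var/log
              readOnly: true
      volumes:
        - name: etcmachineid
          hostPath:
            path: /etc/machine-id
        - name: varlibdockercontainers
          hostPath:
            path: /var/lib/docker/containers
        - name: varlog
          hostPath:
            path: /var/log
      # Tolerate every NoExecute and NoSchedule taint so the collector is
      # scheduled on all nodes, tainted ones included.
      tolerations:
        - operator: "Exists"
          effect: "NoExecute"
        - operator: "Exists"
          effect: "NoSchedule"
---
# Grants the log-shipper ServiceAccount the cluster-wide filebeat ClusterRole.
# The subject namespace is fixed to playground while no other resource in
# this file sets a namespace; the binding only applies when the ServiceAccount
# is created there. The filebeat ClusterRole is not defined in this file.
# NOTE(review): confirm it grants only the read access log-shipper needs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: logging-log-shipper
subjects:
  - kind: ServiceAccount
    name: log-shipper
    namespace: playground
roleRef:
  kind: ClusterRole
  name: filebeat
  apiGroup: rbac.authorization.k8s.io
---
# Identity the log-shipper DaemonSet pods run as.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: log-shipper
  labels:
    app: log-shipper
---
# log-shipper: ingress from Prometheus only, egress to MongoDB only.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: log-shipper
spec:
  podSelector:
    matchLabels:
      app: log-shipper
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        # namespaceSelector and podSelector sit in ONE list element, so both
        # must match (prometheus pods in the prometheus-operator namespace).
        # Splitting them into two elements would turn this into an OR.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: prometheus-operator
          podSelector:
            matchLabels:
              app.kubernetes.io/name: prometheus
  egress:
    # NOTE(review): no DNS or Kubernetes API egress is listed; if the pod
    # needs either, another policy has to allow it. Confirm.
    - to:
        - podSelector:
            matchLabels:
              app: mongodb-svc
      ports:
        - port: 27017
---
# log-viewer-backend: ingress from Traefik only, egress to MongoDB only.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: log-viewer-backend
spec:
  podSelector:
    matchLabels:
      app: log-viewer-backend
  policyTypes:
    - Ingress
    - Egress
  egress:
    - to:
        - podSelector:
            matchLabels:
              app: mongodb-svc
      # Limited to the MongoDB port, matching the log-shipper policy; the
      # rule previously allowed every port on the MongoDB pods.
      ports:
        - port: 27017
  ingress:
    - from:
        # Single list element: namespace AND pod labels must both match.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: traefik
          podSelector:
            matchLabels:
              app.kubernetes.io/name: traefik
---
# log-viewer-frontend: ingress from Traefik only. Egress is listed in
# policyTypes with no egress rules, so all outbound traffic is denied.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: log-viewer-frontend
spec:
  podSelector:
    matchLabels:
      app: log-viewer-frontend
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        # Single list element: namespace AND pod labels must both match.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: traefik
          podSelector:
            matchLabels:
              app.kubernetes.io/name: traefik
---
# Scrape the named metrics port (8000) of every log-shipper pod.
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: log-shipper
spec:
  selector:
    matchLabels:
      app: log-shipper
  podMetricsEndpoints:
    - port: metrics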