--- apiVersion: beat.k8s.elastic.co/v1beta1 kind: Beat metadata: name: filebeat spec: type: filebeat version: 8.4.3 elasticsearchRef: name: elasticsearch config: logging: level: warning http: enabled: true port: 5066 filebeat: autodiscover: providers: - type: kubernetes node: ${NODE_NAME} hints: enabled: true default_config: type: container paths: - /var/log/containers/*${data.kubernetes.container.id}.log daemonSet: podTemplate: metadata: annotations: co.elastic.logs/enabled: 'false' spec: serviceAccountName: filebeat automountServiceAccountToken: true terminationGracePeriodSeconds: 30 containers: - name: filebeat securityContext: runAsUser: 0 volumeMounts: - name: varlogcontainers mountPath: /var/log/containers - name: varlogpods mountPath: /var/log/pods - name: varlibdockercontainers mountPath: /var/lib/docker/containers env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName resources: limits: memory: 200Mi requests: cpu: 100m memory: 100Mi - name: exporter image: sepa/beats-exporter args: - -p=5066 ports: - containerPort: 8080 name: exporter protocol: TCP volumes: - name: varlogcontainers hostPath: path: /var/log/containers - name: varlogpods hostPath: path: /var/log/pods - name: varlibdockercontainers hostPath: path: /var/lib/docker/containers tolerations: - operator: "Exists" effect: "NoExecute" - operator: "Exists" effect: "NoSchedule" --- apiVersion: beat.k8s.elastic.co/v1beta1 kind: Beat metadata: name: filebeat-syslog spec: type: filebeat version: 8.4.3 elasticsearchRef: name: elasticsearch config: logging: level: warning http: enabled: true port: 5066 filebeat: inputs: - type: syslog format: rfc5424 protocol.udp: host: "0.0.0.0:1514" - type: syslog format: rfc5424 protocol.tcp: host: "0.0.0.0:1514" deployment: replicas: 2 podTemplate: metadata: annotations: co.elastic.logs/enabled: 'false' spec: terminationGracePeriodSeconds: 30 containers: - name: filebeat resources: limits: memory: 200Mi requests: cpu: 100m memory: 100Mi ports: - containerPort: 1514 name: syslog protocol: UDP volumeMounts: - name: filebeat-registry mountPath: /usr/share/filebeat/data - name: exporter image: sepa/beats-exporter args: - -p=5066 ports: - containerPort: 8080 name: exporter protocol: TCP volumes: - name: filebeat-registry emptyDir: {} --- apiVersion: v1 kind: Service metadata: name: filebeat-syslog-udp annotations: external-dns.alpha.kubernetes.io/hostname: syslog.k-space.ee metallb.universe.tf/allow-shared-ip: syslog.k-space.ee spec: type: LoadBalancer externalTrafficPolicy: Local loadBalancerIP: 172.20.51.4 ports: - name: filebeat-syslog port: 514 protocol: UDP targetPort: 1514 selector: beat.k8s.elastic.co/name: filebeat-syslog --- apiVersion: v1 kind: Service metadata: name: filebeat-syslog-tcp annotations: external-dns.alpha.kubernetes.io/hostname: syslog.k-space.ee metallb.universe.tf/allow-shared-ip: syslog.k-space.ee spec: type: LoadBalancer externalTrafficPolicy: Local loadBalancerIP: 172.20.51.4 ports: - name: filebeat-syslog port: 514 protocol: TCP targetPort: 1514 selector: beat.k8s.elastic.co/name: filebeat-syslog --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: filebeat rules: - apiGroups: - "" resources: - namespaces - pods - nodes verbs: - get - watch - list --- apiVersion: v1 kind: ServiceAccount metadata: name: filebeat namespace: elastic-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: filebeat subjects: - kind: ServiceAccount name: filebeat namespace: elastic-system roleRef: kind: ClusterRole name: filebeat apiGroup: rbac.authorization.k8s.io --- apiVersion: elasticsearch.k8s.elastic.co/v1 kind: Elasticsearch metadata: name: elasticsearch spec: version: 8.4.3 nodeSets: - name: default count: 1 volumeClaimTemplates: - metadata: name: elasticsearch-data spec: accessModes: - ReadWriteOnce resources: requests: storage: 5Gi storageClassName: longhorn http: tls: selfSignedCertificate: disabled: true --- apiVersion: kibana.k8s.elastic.co/v1 kind: Kibana metadata: name: kibana spec: version: 8.4.3 count: 1 elasticsearchRef: name: elasticsearch http: tls: selfSignedCertificate: disabled: true config: server.publicBaseUrl: https://kibana.k-space.ee xpack.reporting.enabled: false xpack.apm.ui.enabled: false xpack.security.authc.providers: anonymous.anonymous1: order: 0 credentials: username: "elastic" secureSettings: - secretName: elasticsearch-es-elastic-user entries: - key: elastic path: xpack.security.authc.providers.anonymous.anonymous1.credentials.password podTemplate: metadata: annotations: co.elastic.logs/enabled: 'false' spec: containers: - name: kibana readinessProbe: httpGet: path: /app/home port: 5601 scheme: HTTP initialDelaySeconds: 10 timeoutSeconds: 5 periodSeconds: 10 successThreshold: 1 failureThreshold: 3 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: kibana annotations: kubernetes.io/ingress.class: traefik traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd traefik.ingress.kubernetes.io/router.tls: "true" external-dns.alpha.kubernetes.io/target: traefik.k-space.ee spec: rules: - host: kibana.k-space.ee http: paths: - pathType: Prefix path: "/" backend: service: name: kibana-kb-http port: number: 5601 tls: - hosts: - "*.k-space.ee" --- apiVersion: monitoring.coreos.com/v1 kind: PodMonitor metadata: name: filebeat spec: selector: matchLabels: beat.k8s.elastic.co/name: filebeat podMetricsEndpoints: - port: exporter --- apiVersion: monitoring.coreos.com/v1 kind: PodMonitor metadata: name: elasticsearch spec: selector: matchLabels: app.kubernetes.io/name: elasticsearch-exporter podMetricsEndpoints: - port: exporter