forked from k-space/kube
186 lines
4.2 KiB
YAML
186 lines
4.2 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: filebeat-config
|
|
namespace: logging
|
|
data:
|
|
filebeat.yml: |-
|
|
logging:
|
|
level: warning
|
|
setup:
|
|
ilm:
|
|
enabled: false
|
|
template:
|
|
name: filebeat
|
|
pattern: filebeat-*
|
|
http.enabled: true
|
|
filebeat.autodiscover:
|
|
providers:
|
|
- type: kubernetes
|
|
host: ${NODE_NAME}
|
|
hints.enabled: true
|
|
hints.default_config:
|
|
type: container
|
|
paths:
|
|
- /var/log/containers/*${data.kubernetes.container.id}.log
|
|
output:
|
|
elasticsearch:
|
|
hosts:
|
|
- http://zinc:4080
|
|
path: "/es/"
|
|
index: "filebeat-%{+yyyy.MM.dd}"
|
|
username: "${ZINC_FIRST_ADMIN_USER}"
|
|
password: "${ZINC_FIRST_ADMIN_PASSWORD}"
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: filebeat
|
|
spec:
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxUnavailable: 50%
|
|
selector:
|
|
matchLabels:
|
|
app: filebeat
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: filebeat
|
|
annotations:
|
|
co.elastic.logs/json.keys_under_root: "true"
|
|
spec:
|
|
serviceAccountName: filebeat
|
|
containers:
|
|
- name: filebeat
|
|
image: docker.elastic.co/beats/filebeat:8.4.1
|
|
args:
|
|
- -c
|
|
- /etc/filebeat.yml
|
|
- -e
|
|
securityContext:
|
|
runAsUser: 0
|
|
env:
|
|
- name: NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
- name: ZINC_FIRST_ADMIN_USER
|
|
value: admin
|
|
- name: ZINC_FIRST_ADMIN_PASSWORD
|
|
value: salakala
|
|
ports:
|
|
- containerPort: 5066
|
|
resources:
|
|
limits:
|
|
memory: 200Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 100Mi
|
|
volumeMounts:
|
|
- name: filebeat-config
|
|
mountPath: /etc/filebeat.yml
|
|
readOnly: true
|
|
subPath: filebeat.yml
|
|
- name: data
|
|
mountPath: /usr/share/filebeat/data
|
|
- name: varlibdockercontainers
|
|
mountPath: /var/lib/docker/containers
|
|
readOnly: true
|
|
- name: varlog
|
|
mountPath: /var/log
|
|
readOnly: true
|
|
- name: exporter
|
|
image: sepa/beats-exporter
|
|
args:
|
|
- -p=5066
|
|
ports:
|
|
- containerPort: 8080
|
|
name: exporter
|
|
protocol: TCP
|
|
volumes:
|
|
- name: filebeat-config
|
|
configMap:
|
|
defaultMode: 0600
|
|
name: filebeat-config
|
|
- name: varlibdockercontainers
|
|
hostPath:
|
|
path: /var/lib/docker/containers
|
|
- name: varlog
|
|
hostPath:
|
|
path: /var/log
|
|
- name: data
|
|
hostPath:
|
|
path: /var/lib/filebeat-data
|
|
type: DirectoryOrCreate
|
|
tolerations:
|
|
- operator: "Exists"
|
|
effect: "NoExecute"
|
|
- operator: "Exists"
|
|
effect: "NoSchedule"
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: logging-filebeat
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: filebeat
|
|
namespace: logging
|
|
roleRef:
|
|
kind: ClusterRole
|
|
name: filebeat
|
|
apiGroup: rbac.authorization.k8s.io
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: filebeat
|
|
namespace: logging
|
|
labels:
|
|
app: filebeat
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: filebeat
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app: filebeat
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
ingress:
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: prometheus-operator
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: prometheus
|
|
ports:
|
|
- protocol: TCP
|
|
port: 8080
|
|
egress:
|
|
- to:
|
|
- podSelector:
|
|
matchLabels:
|
|
app: zinc
|
|
ports:
|
|
- protocol: TCP
|
|
port: 4080
|
|
---
|
|
apiVersion: monitoring.coreos.com/v1
|
|
kind: PodMonitor
|
|
metadata:
|
|
name: filebeat
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: filebeat
|
|
podMetricsEndpoints:
|
|
- port: exporter
|