kube/elastic-system/application.yml

---
apiVersion: beat.k8s.elastic.co/v1beta1
kind: Beat
metadata:
  name: filebeat
spec:
  type: filebeat
  version: 8.14.3
  elasticsearchRef:
    name: elasticsearch
  config:
    logging:
      level: warning
    http:
      enabled: true
      port: 5066
    filebeat:
      autodiscover:
        providers:
        - type: kubernetes
          node: ${NODE_NAME}
          hints:
            enabled: true
            default_config:
              type: container
              paths:
              - /var/log/containers/*${data.kubernetes.container.id}.log
  daemonSet:
    podTemplate:
      metadata:
        annotations:
          co.elastic.logs/enabled: 'false'
      spec:
        serviceAccountName: filebeat
        automountServiceAccountToken: true
        terminationGracePeriodSeconds: 30
        containers:
        - name: filebeat
          securityContext:
            runAsUser: 0
          volumeMounts:
          - name: varlogcontainers
            mountPath: /var/log/containers
          - name: varlogpods
            mountPath: /var/log/pods
          - name: varlibdockercontainers
            mountPath: /var/lib/docker/containers
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          resources:
            limits:
              memory: 200Mi
            requests:
              cpu: 100m
              memory: 100Mi
        - name: exporter
          image: mirror.gcr.io/sepa/beats-exporter:latest
          args:
            - -p=5066
          ports:
            - containerPort: 8080
              name: exporter
              protocol: TCP
        volumes:
        - name: varlogcontainers
          hostPath:
            path: /var/log/containers
        - name: varlogpods
          hostPath:
            path: /var/log/pods
        - name: varlibdockercontainers
          hostPath:
            path: /var/lib/docker/containers
        tolerations:
        - operator: "Exists"
          effect: "NoExecute"
        - operator: "Exists"
          effect: "NoSchedule"
---
apiVersion: beat.k8s.elastic.co/v1beta1
kind: Beat
metadata:
  name: filebeat-syslog
spec:
  type: filebeat
  version: 8.4.3
  elasticsearchRef:
    name: elasticsearch
  config:
    logging:
      level: warning
    http:
      enabled: true
      port: 5066
    filebeat:
      inputs:
        - type: syslog
          format: rfc5424
          protocol.udp:
            host: "0.0.0.0:1514"
        - type: syslog
          format: rfc5424
          protocol.tcp:
            host: "0.0.0.0:1514"
  deployment:
    replicas: 2
    podTemplate:
      metadata:
        annotations:
          co.elastic.logs/enabled: 'false'
      spec:
        terminationGracePeriodSeconds: 30
        containers:
        - name: filebeat
          resources:
            limits:
              memory: 200Mi
            requests:
              cpu: 100m
              memory: 100Mi
          ports:
            - containerPort: 1514
              name: syslog
              protocol: UDP
          volumeMounts:
            - name: filebeat-registry
              mountPath: /usr/share/filebeat/data
        - name: exporter
          image: mirror.gcr.io/sepa/beats-exporter:latest
          args:
            - -p=5066
          ports:
            - containerPort: 8080
              name: exporter
              protocol: TCP
        volumes:
          - name: filebeat-registry
            emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: filebeat-syslog-udp
  annotations:
    external-dns.alpha.kubernetes.io/hostname: syslog.k-space.ee
    metallb.universe.tf/allow-shared-ip: syslog.k-space.ee
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  loadBalancerIP: 172.21.51.4
  ports:
    - name: filebeat-syslog
      port: 514
      protocol: UDP
      targetPort: 1514
  selector:
    beat.k8s.elastic.co/name: filebeat-syslog
---
apiVersion: v1
kind: Service
metadata:
  name: filebeat-syslog-tcp
  annotations:
    external-dns.alpha.kubernetes.io/hostname: syslog.k-space.ee
    metallb.universe.tf/allow-shared-ip: syslog.k-space.ee
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  loadBalancerIP: 172.21.51.4
  ports:
    - name: filebeat-syslog
      port: 514
      protocol: TCP
      targetPort: 1514
  selector:
    beat.k8s.elastic.co/name: filebeat-syslog
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: filebeat
rules:
- apiGroups:
  - ""
  resources:
  - namespaces
  - pods
  - nodes
  verbs:
  - get
  - watch
  - list
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: filebeat
  namespace: elastic-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: filebeat
subjects:
- kind: ServiceAccount
  name: filebeat
  namespace: elastic-system
roleRef:
  kind: ClusterRole
  name: filebeat
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elasticsearch
spec:
  version: 8.14.3
  nodeSets:
  - name: default
    count: 2
    config:
      node.roles: [ "data_content", "data_hot", "ingest", "master", "remote_cluster_client", "data_cold", "remote_cluster_client" ]
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 5Gi
        storageClassName: longhorn
---
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: kibana
spec:
  version: 8.14.3
  count: 1
  elasticsearchRef:
    name: elasticsearch
  http:
    tls:
      selfSignedCertificate:
        disabled: true
  config:
    server.publicBaseUrl: https://kibana.k-space.ee
    xpack.reporting.enabled: false
    xpack.apm.ui.enabled: false
  podTemplate:
    metadata:
      annotations:
        co.elastic.logs/enabled: 'false'
    spec:
      containers:
        - name: kibana
          readinessProbe:
            httpGet:
              path: /app/home
              port: 5601
              scheme: HTTP
            initialDelaySeconds: 10
            timeoutSeconds: 5
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kibana
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
    traefik.ingress.kubernetes.io/router.tls: "true"
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
spec:
  rules:
  - host: kibana.k-space.ee
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: kibana-kb-http
            port:
              number: 5601
  tls:
  - hosts:
    - "*.k-space.ee"
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: filebeat
spec:
  selector:
    matchLabels:
      beat.k8s.elastic.co/name: filebeat
  podMetricsEndpoints:
    - port: exporter
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: elasticsearch
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: elasticsearch-exporter
  podMetricsEndpoints:
    - port: exporter
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kibana
  annotations:
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: 'true'
spec:
  tls:
    - hosts:
        - '*.k-space.ee'
  rules:
    - host: kibana.k-space.ee
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kibana-kb-http
                port:
                  number: 5601