forked from k-space/kube
320 lines
7.1 KiB
YAML
320 lines
7.1 KiB
YAML
---
|
|
apiVersion: beat.k8s.elastic.co/v1beta1
|
|
kind: Beat
|
|
metadata:
|
|
name: filebeat
|
|
spec:
|
|
type: filebeat
|
|
version: 8.4.1
|
|
elasticsearchRef:
|
|
name: elasticsearch
|
|
kibanaRef:
|
|
name: kibana
|
|
config:
|
|
logging:
|
|
level: warning
|
|
http:
|
|
enabled: true
|
|
port: 5066
|
|
filebeat:
|
|
autodiscover:
|
|
providers:
|
|
- type: kubernetes
|
|
node: ${NODE_NAME}
|
|
hints:
|
|
enabled: true
|
|
default_config:
|
|
type: container
|
|
paths:
|
|
- /var/log/containers/*${data.kubernetes.container.id}.log
|
|
daemonSet:
|
|
podTemplate:
|
|
spec:
|
|
serviceAccountName: filebeat
|
|
automountServiceAccountToken: true
|
|
terminationGracePeriodSeconds: 30
|
|
containers:
|
|
- name: filebeat
|
|
securityContext:
|
|
runAsUser: 0
|
|
volumeMounts:
|
|
- name: varlogcontainers
|
|
mountPath: /var/log/containers
|
|
- name: varlogpods
|
|
mountPath: /var/log/pods
|
|
- name: varlibdockercontainers
|
|
mountPath: /var/lib/docker/containers
|
|
env:
|
|
- name: NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
resources:
|
|
limits:
|
|
memory: 200Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 100Mi
|
|
- name: exporter
|
|
image: sepa/beats-exporter
|
|
args:
|
|
- -p=5066
|
|
ports:
|
|
- containerPort: 8080
|
|
name: exporter
|
|
protocol: TCP
|
|
volumes:
|
|
- name: varlogcontainers
|
|
hostPath:
|
|
path: /var/log/containers
|
|
- name: varlogpods
|
|
hostPath:
|
|
path: /var/log/pods
|
|
- name: varlibdockercontainers
|
|
hostPath:
|
|
path: /var/lib/docker/containers
|
|
tolerations:
|
|
- operator: "Exists"
|
|
effect: "NoExecute"
|
|
- operator: "Exists"
|
|
effect: "NoSchedule"
|
|
---
|
|
apiVersion: beat.k8s.elastic.co/v1beta1
|
|
kind: Beat
|
|
metadata:
|
|
name: filebeat-syslog
|
|
spec:
|
|
type: filebeat
|
|
version: 8.4.1
|
|
elasticsearchRef:
|
|
name: elasticsearch
|
|
kibanaRef:
|
|
name: kibana
|
|
config:
|
|
logging:
|
|
level: warning
|
|
http:
|
|
enabled: true
|
|
port: 5066
|
|
filebeat:
|
|
inputs:
|
|
- type: syslog
|
|
format: rfc5424
|
|
protocol.udp:
|
|
host: "0.0.0.0:1514"
|
|
- type: syslog
|
|
format: rfc5424
|
|
protocol.tcp:
|
|
host: "0.0.0.0:1514"
|
|
deployment:
|
|
replicas: 2
|
|
podTemplate:
|
|
spec:
|
|
terminationGracePeriodSeconds: 30
|
|
containers:
|
|
- name: filebeat
|
|
resources:
|
|
limits:
|
|
memory: 200Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 100Mi
|
|
ports:
|
|
- containerPort: 1514
|
|
name: syslog
|
|
protocol: UDP
|
|
volumeMounts:
|
|
- name: filebeat-registry
|
|
mountPath: /usr/share/filebeat/data
|
|
- name: exporter
|
|
image: sepa/beats-exporter
|
|
args:
|
|
- -p=5066
|
|
ports:
|
|
- containerPort: 8080
|
|
name: exporter
|
|
protocol: TCP
|
|
volumes:
|
|
- name: filebeat-registry
|
|
emptyDir: {}
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: filebeat-syslog-udp
|
|
annotations:
|
|
external-dns.alpha.kubernetes.io/hostname: syslog.k-space.ee
|
|
metallb.universe.tf/allow-shared-ip: syslog.k-space.ee
|
|
spec:
|
|
type: LoadBalancer
|
|
externalTrafficPolicy: Local
|
|
loadBalancerIP: 172.20.51.4
|
|
ports:
|
|
- name: filebeat-syslog
|
|
port: 514
|
|
protocol: UDP
|
|
targetPort: 1514
|
|
selector:
|
|
beat.k8s.elastic.co/name: filebeat-syslog
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: filebeat-syslog-tcp
|
|
annotations:
|
|
external-dns.alpha.kubernetes.io/hostname: syslog.k-space.ee
|
|
metallb.universe.tf/allow-shared-ip: syslog.k-space.ee
|
|
spec:
|
|
type: LoadBalancer
|
|
externalTrafficPolicy: Local
|
|
loadBalancerIP: 172.20.51.4
|
|
ports:
|
|
- name: filebeat-syslog
|
|
port: 514
|
|
protocol: TCP
|
|
targetPort: 1514
|
|
selector:
|
|
beat.k8s.elastic.co/name: filebeat-syslog
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: filebeat
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- namespaces
|
|
- pods
|
|
- nodes
|
|
verbs:
|
|
- get
|
|
- watch
|
|
- list
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: filebeat
|
|
namespace: elastic-system
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: filebeat
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: filebeat
|
|
namespace: elastic-system
|
|
roleRef:
|
|
kind: ClusterRole
|
|
name: filebeat
|
|
apiGroup: rbac.authorization.k8s.io
|
|
---
|
|
apiVersion: elasticsearch.k8s.elastic.co/v1
|
|
kind: Elasticsearch
|
|
metadata:
|
|
name: elasticsearch
|
|
spec:
|
|
version: 8.4.1
|
|
nodeSets:
|
|
- name: default
|
|
count: 3
|
|
config:
|
|
node.store.allow_mmap: false
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: elasticsearch-data
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 5Gi
|
|
storageClassName: local-path
|
|
http:
|
|
tls:
|
|
selfSignedCertificate:
|
|
disabled: true
|
|
---
|
|
apiVersion: kibana.k8s.elastic.co/v1
|
|
kind: Kibana
|
|
metadata:
|
|
name: kibana
|
|
spec:
|
|
version: 8.4.1
|
|
count: 2
|
|
elasticsearchRef:
|
|
name: elasticsearch
|
|
http:
|
|
tls:
|
|
selfSignedCertificate:
|
|
disabled: true
|
|
config:
|
|
server.publicBaseUrl: https://kibana.k-space.ee
|
|
xpack.reporting.enabled: false
|
|
xpack.apm.ui.enabled: false
|
|
xpack.security.authc.providers:
|
|
anonymous.anonymous1:
|
|
order: 0
|
|
credentials:
|
|
username: "elastic"
|
|
secureSettings:
|
|
- secretName: elasticsearch-es-elastic-user
|
|
entries:
|
|
- key: elastic
|
|
path: xpack.security.authc.providers.anonymous.anonymous1.credentials.password
|
|
podTemplate:
|
|
spec:
|
|
containers:
|
|
- name: kibana
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /app/home
|
|
port: 5601
|
|
scheme: HTTP
|
|
initialDelaySeconds: 10
|
|
timeoutSeconds: 5
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 3
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: kibana
|
|
annotations:
|
|
kubernetes.io/ingress.class: traefik
|
|
cert-manager.io/cluster-issuer: default
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
|
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
|
spec:
|
|
rules:
|
|
- host: kibana.k-space.ee
|
|
http:
|
|
paths:
|
|
- pathType: Prefix
|
|
path: "/"
|
|
backend:
|
|
service:
|
|
name: kibana-kb-http
|
|
port:
|
|
number: 5601
|
|
tls:
|
|
- hosts:
|
|
- kibana.k-space.ee
|
|
secretName: kibana-tls
|
|
---
|
|
apiVersion: monitoring.coreos.com/v1
|
|
kind: PodMonitor
|
|
metadata:
|
|
name: filebeat
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
beat.k8s.elastic.co/name: filebeat
|
|
podMetricsEndpoints:
|
|
- port: exporter
|